# Flog Txt Version 1 # Analyzer Version: 3.2.1 # Analyzer Build Date: Feb 18 2020 07:49:07 # Log Creation Date: 02.03.2020 15:39:09.516 Process: id = "1" image_name = "winupdt.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe" page_root = "0x4bd72000" os_pid = "0x5e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x410 [0028.494] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0030.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x3ae898, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0030.190] IsAppThemed () returned 0x1 [0030.192] CoTaskMemAlloc (cb=0xf0) returned 0x7c7128 [0030.192] CreateActCtxA (pActCtx=0x3aed94) returned 0x7d9ec4 [0030.250] CoTaskMemFree (pv=0x7c7128) [0030.259] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc167 [0030.259] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc169 [0030.270] GetUserNameW (in: lpBuffer=0x3aebd4, pcbBuffer=0x3aee4c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3aee4c) returned 1 [0030.273] GetComputerNameW (in: lpBuffer=0x3aebd4, nSize=0x3aee4c | out: lpBuffer="XDUWTFONO", nSize=0x3aee4c) returned 1 [0030.274] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x3aeccc, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2d [0030.322] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0030.325] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74970000 [0030.871] AdjustWindowRectEx (in: lpRect=0x3aedec, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50081 | out: lpRect=0x3aedec) returned 1 [0030.874] GetCurrentProcess () returned 0xffffffff [0030.874] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3aed04, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3aed04*=0x210) returned 1 [0030.887] GetCurrentActCtx (in: lphActCtx=0x3aec64 | out: lphActCtx=0x3aec64*=0x0) returned 1 [0030.887] ActivateActCtx (in: hActCtx=0x7d9ec4, lpCookie=0x3aec74 | out: hActCtx=0x7d9ec4, lpCookie=0x3aec74) returned 1 [0030.888] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0030.891] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x747d0000 [0031.546] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77130000 [0031.546] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcW") returned 0x77c725dd [0031.547] GetStockObject (i=5) returned 0x1900015 [0031.563] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0031.565] CoTaskMemAlloc (cb=0x5c) returned 0x7d2850 [0031.565] RegisterClassW (lpWndClass=0x3aeb1c) returned 0xc121 [0031.565] CoTaskMemFree (pv=0x7d2850) [0031.565] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0031.566] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x13e0000, lpParam=0x0) returned 0x6011a [0031.566] SetWindowLongW (hWnd=0x6011a, nIndex=-4, dwNewLong=2009540061) returned 12191782 [0031.567] GetWindowLongW (hWnd=0x6011a, nIndex=-4) returned 2009540061 [0031.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ae42c | out: phkResult=0x3ae42c*=0x228) returned 0x0 [0031.650] RegQueryValueExW (in: hKey=0x228, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x3ae44c, lpData=0x0, lpcbData=0x3ae448*=0x0 | out: lpType=0x3ae44c*=0x0, lpData=0x0, lpcbData=0x3ae448*=0x0) returned 0x2 [0031.650] RegQueryValueExW (in: hKey=0x228, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x3ae44c, lpData=0x0, lpcbData=0x3ae448*=0x0 | out: lpType=0x3ae44c*=0x0, lpData=0x0, lpcbData=0x3ae448*=0x0) returned 0x2 [0031.650] RegCloseKey (hKey=0x228) returned 0x0 [0031.652] SetWindowLongW (hWnd=0x6011a, nIndex=-4, dwNewLong=12191822) returned 2009540061 [0031.652] GetWindowLongW (hWnd=0x6011a, nIndex=-4) returned 12191822 [0031.652] GetWindowLongW (hWnd=0x6011a, nIndex=-16) returned 113311744 [0031.653] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc122 [0031.654] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc161 [0031.654] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x6011a, Msg=0x81, wParam=0x0, lParam=0x3ae6f8) returned 0x1 [0031.654] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x6011a, Msg=0x83, wParam=0x0, lParam=0x3ae6e4) returned 0x0 [0031.654] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x6011a, Msg=0x1, wParam=0x0, lParam=0x3ae6f8) returned 0x0 [0031.655] GetClientRect (in: hWnd=0x6011a, lpRect=0x3ae460 | out: lpRect=0x3ae460) returned 1 [0031.655] GetWindowRect (in: hWnd=0x6011a, lpRect=0x3ae460 | out: lpRect=0x3ae460) returned 1 [0031.656] GetParent (hWnd=0x6011a) returned 0x0 [0031.656] DeactivateActCtx (dwFlags=0x0, ulCookie=0x17a50001) returned 1 [0031.749] EtwEventRegister () returned 0x0 [0031.755] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0031.755] AdjustWindowRectEx (in: lpRect=0x3aeda4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3aeda4) returned 1 [0031.755] GetSystemMetrics (nIndex=59) returned 1460 [0031.755] GetSystemMetrics (nIndex=60) returned 920 [0031.755] GetSystemMetrics (nIndex=34) returned 132 [0031.755] GetSystemMetrics (nIndex=35) returned 38 [0031.756] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0031.756] AdjustWindowRectEx (in: lpRect=0x3aeca4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3aeca4) returned 1 [0031.761] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x3ae6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x38 [0031.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3aeb3c) returned 1 [0031.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3aebb8 | out: lpFileInformation=0x3aebb8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0031.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3aeb38) returned 1 [0032.021] GetSystemMetrics (nIndex=11) returned 32 [0032.021] GetSystemMetrics (nIndex=12) returned 32 [0032.022] GetDC (hWnd=0x0) returned 0x1c0107c4 [0032.024] GetDeviceCaps (hdc=0x1c0107c4, index=12) returned 32 [0032.025] GetDeviceCaps (hdc=0x1c0107c4, index=14) returned 1 [0032.025] ReleaseDC (hWnd=0x0, hDC=0x1c0107c4) returned 1 [0032.025] CreateIconFromResourceEx (presbits=0x2829f90, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x301cd [0032.031] CreateCompatibleDC (hdc=0x0) returned 0x390109bb [0032.032] GetSystemDefaultLCID () returned 0x409 [0032.032] GetStockObject (i=17) returned 0x18a0025 [0032.034] GetObjectW (in: h=0x18a0025, c=92, pv=0x3aeafc | out: pv=0x3aeafc) returned 92 [0032.034] GetDC (hWnd=0x0) returned 0x1c0107c4 [0032.141] GdiplusStartup (in: token=0x166fc0, input=0x3ae0c8, output=0x3ae118 | out: token=0x166fc0, output=0x3ae118) returned 0x0 [0032.164] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.165] GdipCreateFontFromLogfontW (hdc=0x1c0107c4, logfont=0x7d2510, font=0x3aebc4) returned 0x0 [0032.280] CoTaskMemFree (pv=0x7d2510) [0032.281] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.281] CoTaskMemFree (pv=0x7d2510) [0032.281] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.281] CoTaskMemFree (pv=0x7d2510) [0032.281] GdipGetFontUnit (font=0x10c2230, unit=0x3aeb90) returned 0x0 [0032.281] GdipGetFontSize (font=0x10c2230, size=0x3aeb94) returned 0x0 [0032.281] GdipGetFontStyle (font=0x10c2230, style=0x3aeb8c) returned 0x0 [0032.282] GdipGetFamily (font=0x10c2230, family=0x3aeb88) returned 0x0 [0032.282] GdipGetFontSize (font=0x10c2230, size=0x282b534) returned 0x0 [0032.282] ReleaseDC (hWnd=0x0, hDC=0x1c0107c4) returned 1 [0032.282] GetDC (hWnd=0x0) returned 0x30109bc [0032.283] GdipCreateFromHDC (hdc=0x30109bc, graphics=0x3aebb0) returned 0x0 [0032.284] GdipGetDpiY (graphics=0x6effcf0, dpi=0x282b63c) returned 0x0 [0032.284] GdipGetFontHeight (font=0x10c2230, graphics=0x6effcf0, height=0x3aeba8) returned 0x0 [0032.285] GdipGetEmHeight (family=0x10cf6b8, style=0, EmHeight=0x3aebb0) returned 0x0 [0032.285] GdipGetLineSpacing (family=0x10cf6b8, style=0, LineSpacing=0x3aebb0) returned 0x0 [0032.285] GdipDeleteGraphics (graphics=0x6effcf0) returned 0x0 [0032.285] ReleaseDC (hWnd=0x0, hDC=0x30109bc) returned 1 [0032.285] GdipCreateFont (fontFamily=0x10cf6b8, emSize=0x41040000, style=0, unit=0x3, font=0x282b5fc) returned 0x0 [0032.285] GdipGetFontSize (font=0x6f52940, size=0x282b600) returned 0x0 [0032.286] GdipDeleteFont (font=0x10c2230) returned 0x0 [0032.287] GetDC (hWnd=0x0) returned 0x30109bc [0032.287] GdipCreateFromHDC (hdc=0x30109bc, graphics=0x3aebd4) returned 0x0 [0032.287] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.287] GdipGetLogFontW (font=0x6f52940, graphics=0x6effcf0, logfontW=0x7d2510) returned 0x0 [0032.288] CoTaskMemFree (pv=0x7d2510) [0032.288] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.288] CoTaskMemFree (pv=0x7d2510) [0032.288] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.288] CoTaskMemFree (pv=0x7d2510) [0032.288] GdipDeleteGraphics (graphics=0x6effcf0) returned 0x0 [0032.288] ReleaseDC (hWnd=0x0, hDC=0x30109bc) returned 1 [0032.288] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.288] CreateFontIndirectW (lplf=0x7d2510) returned 0x260a07cf [0032.289] CoTaskMemFree (pv=0x7d2510) [0032.289] SelectObject (hdc=0x390109bb, h=0x260a07cf) returned 0x18a002e [0032.289] GetTextMetricsW (in: hdc=0x390109bb, lptm=0x3aece0 | out: lptm=0x3aece0) returned 1 [0032.289] GetTextExtentPoint32W (in: hdc=0x390109bb, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x282b858 | out: psizl=0x282b858) returned 1 [0032.291] SelectObject (hdc=0x390109bb, h=0x18a002e) returned 0x260a07cf [0032.292] DeleteDC (hdc=0x390109bb) returned 1 [0032.292] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0032.292] AdjustWindowRectEx (in: lpRect=0x3aea48, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3aea48) returned 1 [0032.292] AdjustWindowRectEx (in: lpRect=0x3aec6c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3aec6c) returned 1 [0032.293] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0032.293] AdjustWindowRectEx (in: lpRect=0x3ae9c0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3ae9c0) returned 1 [0032.293] AdjustWindowRectEx (in: lpRect=0x3aeaa4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3aeaa4) returned 1 [0032.296] GetSystemMetrics (nIndex=59) returned 1460 [0032.296] GetSystemMetrics (nIndex=60) returned 920 [0032.296] GetSystemMetrics (nIndex=34) returned 132 [0032.296] GetSystemMetrics (nIndex=35) returned 38 [0032.296] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74970000 [0032.296] AdjustWindowRectEx (in: lpRect=0x3ae950, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3ae950) returned 1 [0032.296] AdjustWindowRectEx (in: lpRect=0x3aea18, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3aea18) returned 1 [0032.296] GetCurrentActCtx (in: lphActCtx=0x3aee08 | out: lphActCtx=0x3aee08*=0x0) returned 1 [0032.296] ActivateActCtx (in: hActCtx=0x7d9ec4, lpCookie=0x3aee18 | out: hActCtx=0x7d9ec4, lpCookie=0x3aee18) returned 1 [0032.299] GetCurrentActCtx (in: lphActCtx=0x3aec28 | out: lphActCtx=0x3aec28*=0x7d9ec4) returned 1 [0032.299] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0032.299] AdjustWindowRectEx (in: lpRect=0x3aeb88, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3aeb88) returned 1 [0032.299] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0032.299] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0x13e0000, lpParam=0x0) returned 0x8010e [0032.299] SetWindowLongW (hWnd=0x8010e, nIndex=-4, dwNewLong=2009540061) returned 12191782 [0032.299] GetWindowLongW (hWnd=0x8010e, nIndex=-4) returned 2009540061 [0032.300] SetWindowLongW (hWnd=0x8010e, nIndex=-4, dwNewLong=12191902) returned 2009540061 [0032.300] GetWindowLongW (hWnd=0x8010e, nIndex=-4) returned 12191902 [0032.300] GetWindowLongW (hWnd=0x8010e, nIndex=-16) returned 114229248 [0032.300] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x81, wParam=0x0, lParam=0x3ae6bc) returned 0x1 [0032.301] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x83, wParam=0x0, lParam=0x3ae6a8) returned 0x0 [0032.418] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x1, wParam=0x0, lParam=0x3ae6bc) returned 0x0 [0032.418] GetClientRect (in: hWnd=0x8010e, lpRect=0x3ae3f4 | out: lpRect=0x3ae3f4) returned 1 [0032.418] GetWindowRect (in: hWnd=0x8010e, lpRect=0x3ae3f4 | out: lpRect=0x3ae3f4) returned 1 [0032.419] SetWindowTextW (hWnd=0x8010e, lpString="no reason") returned 1 [0032.419] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xc, wParam=0x0, lParam=0x28164d8) returned 0x1 [0032.431] GetUserObjectInformationA (in: hObj=0x5c, nIndex=1, pvInfo=0x282bdf4, nLength=0xc, lpnLengthNeeded=0x3ae2f4 | out: pvInfo=0x282bdf4, lpnLengthNeeded=0x3ae2f4) returned 1 [0032.434] SetConsoleCtrlHandler (HandlerRoutine=0xba08c6, Add=1) returned 1 [0032.435] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0032.435] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0032.436] GetClassInfoW (in: hInstance=0x13e0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x282be58 | out: lpWndClass=0x282be58) returned 0 [0032.438] CoTaskMemAlloc (cb=0x58) returned 0x7d36e0 [0032.438] RegisterClassW (lpWndClass=0x3ae244) returned 0xc163 [0032.438] CoTaskMemFree (pv=0x7d36e0) [0032.439] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x13e0000, lpParam=0x0) returned 0x30162 [0032.439] NtdllDefWindowProc_W () returned 0x0 [0032.439] NtdllDefWindowProc_W () returned 0x0 [0032.439] NtdllDefWindowProc_W () returned 0x0 [0032.439] NtdllDefWindowProc_W () returned 0x0 [0032.446] GetStartupInfoW (in: lpStartupInfo=0x282c1d8 | out: lpStartupInfo=0x282c1d8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0032.446] GetParent (hWnd=0x8010e) returned 0x0 [0032.446] SetWindowLongW (hWnd=0x8010e, nIndex=-8, dwNewLong=0) returned 0 [0032.446] GetSystemMetrics (nIndex=49) returned 16 [0032.446] GetSystemMetrics (nIndex=50) returned 16 [0032.446] CreateIconFromResourceEx (presbits=0x282c258, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0xd00dd [0032.447] SendMessageW (hWnd=0x8010e, Msg=0x80, wParam=0x0, lParam=0xd00dd) returned 0x0 [0032.447] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x80, wParam=0x0, lParam=0xd00dd) returned 0x0 [0032.450] SendMessageW (hWnd=0x8010e, Msg=0x80, wParam=0x1, lParam=0x301cd) returned 0x0 [0032.450] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x80, wParam=0x1, lParam=0x301cd) returned 0x0 [0032.466] GetSystemMenu (hWnd=0x8010e, bRevert=0) returned 0x80119 [0032.468] GetWindowPlacement (in: hWnd=0x8010e, lpwndpl=0x3aec38 | out: lpwndpl=0x3aec38) returned 1 [0032.468] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0032.468] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0032.468] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0032.468] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0032.468] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0032.468] GetClientRect (in: hWnd=0x8010e, lpRect=0x3aec7c | out: lpRect=0x3aec7c) returned 1 [0032.468] GetClientRect (in: hWnd=0x8010e, lpRect=0x3aebdc | out: lpRect=0x3aebdc) returned 1 [0032.468] GetWindowRect (in: hWnd=0x8010e, lpRect=0x3aebdc | out: lpRect=0x3aebdc) returned 1 [0032.468] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0032.468] GetWindowLongW (hWnd=0x8010e, nIndex=-16) returned 114229248 [0032.469] GetWindowTextLengthW (hWnd=0x8010e) returned 9 [0032.469] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.469] GetSystemMetrics (nIndex=42) returned 0 [0032.469] GetWindowTextW (in: hWnd=0x8010e, lpString=0x3aeb74, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.469] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xd, wParam=0xa, lParam=0x3aeb74) returned 0x9 [0032.469] GetWindowTextLengthW (hWnd=0x8010e) returned 9 [0032.469] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.469] GetSystemMetrics (nIndex=42) returned 0 [0032.469] GetWindowTextW (in: hWnd=0x8010e, lpString=0x3aeb74, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.469] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xd, wParam=0xa, lParam=0x3aeb74) returned 0x9 [0032.470] GetWindowLongW (hWnd=0x8010e, nIndex=-16) returned 114229248 [0032.470] GetWindowLongW (hWnd=0x8010e, nIndex=-20) returned 328064 [0032.470] SetWindowLongW (hWnd=0x8010e, nIndex=-16, dwNewLong=47120384) returned 114229248 [0032.470] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7c, wParam=0xfffffff0, lParam=0x3aebd0) returned 0x0 [0032.470] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7d, wParam=0xfffffff0, lParam=0x3aebd0) returned 0x0 [0032.470] SetWindowLongW (hWnd=0x8010e, nIndex=-20, dwNewLong=327808) returned 328064 [0032.470] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7c, wParam=0xffffffec, lParam=0x3aebd0) returned 0x0 [0032.470] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7d, wParam=0xffffffec, lParam=0x3aebd0) returned 0x0 [0032.471] SetWindowPos (hWnd=0x8010e, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0032.471] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x46, wParam=0x0, lParam=0x3aebf0) returned 0x0 [0032.471] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x83, wParam=0x1, lParam=0x3aebc8) returned 0x0 [0032.471] GetWindowPlacement (in: hWnd=0x8010e, lpwndpl=0x3ae9a0 | out: lpwndpl=0x3ae9a0) returned 1 [0032.471] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x47, wParam=0x0, lParam=0x3aebf0) returned 0x0 [0032.471] GetClientRect (in: hWnd=0x8010e, lpRect=0x3ae950 | out: lpRect=0x3ae950) returned 1 [0032.471] GetWindowRect (in: hWnd=0x8010e, lpRect=0x3ae950 | out: lpRect=0x3ae950) returned 1 [0032.472] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x83, wParam=0x1, lParam=0x3ae7d4) returned 0x0 [0032.473] RedrawWindow (hWnd=0x8010e, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0032.473] GetSystemMenu (hWnd=0x8010e, bRevert=0) returned 0x80119 [0032.473] GetWindowPlacement (in: hWnd=0x8010e, lpwndpl=0x3aec28 | out: lpwndpl=0x3aec28) returned 1 [0032.473] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0032.473] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0032.473] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0032.473] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0032.473] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0032.473] ShowWindow (hWnd=0x8010e, nCmdShow=5) [0032.473] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0032.474] GetWindowTextLengthW (hWnd=0x8010e) returned 9 [0032.474] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.474] GetSystemMetrics (nIndex=42) returned 0 [0032.474] GetWindowTextW (in: hWnd=0x8010e, lpString=0x3ae898, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.474] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xd, wParam=0xa, lParam=0x3ae898) returned 0x9 [0032.483] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0032.483] GetWindowLongW (hWnd=0x8010e, nIndex=-16) returned 114229248 [0032.483] GetWindowTextLengthW (hWnd=0x8010e) returned 9 [0032.483] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.483] GetSystemMetrics (nIndex=42) returned 0 [0032.483] GetWindowTextW (in: hWnd=0x8010e, lpString=0x3ae798, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.483] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xd, wParam=0xa, lParam=0x3ae798) returned 0x9 [0032.483] GetWindowTextLengthW (hWnd=0x8010e) returned 9 [0032.483] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.483] GetSystemMetrics (nIndex=42) returned 0 [0032.483] GetWindowTextW (in: hWnd=0x8010e, lpString=0x3ae798, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.483] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xd, wParam=0xa, lParam=0x3ae798) returned 0x9 [0032.483] GetWindowLongW (hWnd=0x8010e, nIndex=-16) returned 114229248 [0032.483] GetWindowLongW (hWnd=0x8010e, nIndex=-20) returned 328064 [0032.483] SetWindowLongW (hWnd=0x8010e, nIndex=-16, dwNewLong=315555840) returned 114229248 [0032.483] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7c, wParam=0xfffffff0, lParam=0x3ae7f4) returned 0x0 [0032.483] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7d, wParam=0xfffffff0, lParam=0x3ae7f4) returned 0x0 [0032.484] SetWindowLongW (hWnd=0x8010e, nIndex=-20, dwNewLong=852096) returned 328064 [0032.484] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7c, wParam=0xffffffec, lParam=0x3ae7f4) returned 0x0 [0032.492] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x7d, wParam=0xffffffec, lParam=0x3ae7f4) returned 0x0 [0032.492] SetWindowPos (hWnd=0x8010e, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0032.492] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x46, wParam=0x0, lParam=0x3ae814) returned 0x0 [0032.492] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x83, wParam=0x1, lParam=0x3ae7ec) returned 0x0 [0032.492] GetWindowPlacement (in: hWnd=0x8010e, lpwndpl=0x3ae5c4 | out: lpwndpl=0x3ae5c4) returned 1 [0032.492] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x47, wParam=0x0, lParam=0x3ae814) returned 0x0 [0032.493] GetClientRect (in: hWnd=0x8010e, lpRect=0x3ae574 | out: lpRect=0x3ae574) returned 1 [0032.493] GetWindowRect (in: hWnd=0x8010e, lpRect=0x3ae574 | out: lpRect=0x3ae574) returned 1 [0032.493] RedrawWindow (hWnd=0x8010e, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0032.493] GetSystemMenu (hWnd=0x8010e, bRevert=0) returned 0x80119 [0032.493] GetWindowPlacement (in: hWnd=0x8010e, lpwndpl=0x3ae84c | out: lpwndpl=0x3ae84c) returned 1 [0032.493] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0032.493] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0032.493] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0032.493] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0032.493] EnableMenuItem (hMenu=0x80119, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0032.498] SetLayeredWindowAttributes (hwnd=0x8010e, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0032.502] GetCurrentThreadId () returned 0x410 [0032.509] EnumThreadWindows (dwThreadId=0x410, lpfn=0xba0916, lParam=0x8010e) returned 1 [0032.537] GetWindowLongW (hWnd=0x30162, nIndex=-8) returned 0 [0032.538] GetWindowLongW (hWnd=0x8010e, nIndex=-8) returned 0 [0032.538] GetWindowLongW (hWnd=0x301fe, nIndex=-8) returned 524558 [0032.572] SetWindowLongW (hWnd=0x301fe, nIndex=-8, dwNewLong=0) returned 524558 [0032.574] GetParent (hWnd=0x8010e) returned 0x0 [0032.574] GetWindowLongW (hWnd=0x8010e, nIndex=-20) returned 852352 [0032.574] DestroyWindow (hWnd=0x8010e) returned 1 [0032.574] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0032.574] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x46, wParam=0x0, lParam=0x3ae750) returned 0x0 [0032.582] GetWindowPlacement (in: hWnd=0x8010e, lpwndpl=0x3ae500 | out: lpwndpl=0x3ae500) returned 1 [0032.582] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x47, wParam=0x0, lParam=0x3ae750) returned 0x0 [0032.582] GetClientRect (in: hWnd=0x8010e, lpRect=0x3ae4b0 | out: lpRect=0x3ae4b0) returned 1 [0032.582] GetWindowRect (in: hWnd=0x8010e, lpRect=0x3ae4b0 | out: lpRect=0x3ae4b0) returned 1 [0032.585] GetWindowTextLengthW (hWnd=0x8010e) returned 9 [0032.585] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.585] GetSystemMetrics (nIndex=42) returned 0 [0032.586] GetWindowTextW (in: hWnd=0x8010e, lpString=0x3ae3d4, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.586] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0xd, wParam=0xa, lParam=0x3ae3d4) returned 0x9 [0032.586] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0032.586] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x8010e, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0032.588] GetCurrentActCtx (in: lphActCtx=0x3ae7ac | out: lphActCtx=0x3ae7ac*=0x7d9ec4) returned 1 [0032.588] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0032.588] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0032.589] CreateWindowExW (dwExStyle=0x90080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=125, Y=125, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0x13e0000, lpParam=0x0) returned 0x3015c [0032.589] SetWindowLongW (hWnd=0x3015c, nIndex=-4, dwNewLong=2009540061) returned 12191782 [0032.589] GetWindowLongW (hWnd=0x3015c, nIndex=-4) returned 2009540061 [0032.589] SetWindowLongW (hWnd=0x3015c, nIndex=-4, dwNewLong=12192062) returned 2009540061 [0032.589] GetWindowLongW (hWnd=0x3015c, nIndex=-4) returned 12192062 [0032.589] GetWindowLongW (hWnd=0x3015c, nIndex=-16) returned 114229248 [0032.589] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x81, wParam=0x0, lParam=0x3ae240) returned 0x1 [0032.590] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x83, wParam=0x0, lParam=0x3ae22c) returned 0x0 [0032.590] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x1, wParam=0x0, lParam=0x3ae240) returned 0x0 [0032.590] GetClientRect (in: hWnd=0x3015c, lpRect=0x3adf78 | out: lpRect=0x3adf78) returned 1 [0032.590] GetWindowRect (in: hWnd=0x3015c, lpRect=0x3adf78 | out: lpRect=0x3adf78) returned 1 [0032.590] SetWindowTextW (hWnd=0x3015c, lpString="no reason") returned 1 [0032.590] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xc, wParam=0x0, lParam=0x282cca4) returned 0x1 [0032.590] SetLayeredWindowAttributes (hwnd=0x3015c, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0032.591] GetStartupInfoW (in: lpStartupInfo=0x282cf7c | out: lpStartupInfo=0x282cf7c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0032.591] GetParent (hWnd=0x3015c) returned 0x0 [0032.591] GetStockObject (i=5) returned 0x1900015 [0032.592] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0032.592] CoTaskMemAlloc (cb=0x5c) returned 0x7d2510 [0032.592] RegisterClassW (lpWndClass=0x3ae68c) returned 0xc164 [0032.592] CoTaskMemFree (pv=0x7d2510) [0032.592] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0032.592] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x13e0000, lpParam=0x0) returned 0x3015e [0032.592] SetWindowLongW (hWnd=0x3015e, nIndex=-4, dwNewLong=2009540061) returned 12192102 [0032.592] GetWindowLongW (hWnd=0x3015e, nIndex=-4) returned 2009540061 [0032.593] SetWindowLongW (hWnd=0x3015e, nIndex=-4, dwNewLong=12192142) returned 2009540061 [0032.593] GetWindowLongW (hWnd=0x3015e, nIndex=-4) returned 12192142 [0032.593] GetWindowLongW (hWnd=0x3015e, nIndex=-16) returned 79691776 [0032.594] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015e, Msg=0x24, wParam=0x0, lParam=0x3ae274) returned 0x0 [0032.594] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015e, Msg=0x81, wParam=0x0, lParam=0x3ae268) returned 0x1 [0032.594] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015e, Msg=0x83, wParam=0x0, lParam=0x3ae254) returned 0x0 [0032.595] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015e, Msg=0x1, wParam=0x0, lParam=0x3ae268) returned 0x0 [0032.595] SetWindowLongW (hWnd=0x3015c, nIndex=-8, dwNewLong=196958) returned 0 [0032.595] SendMessageW (hWnd=0x3015c, Msg=0x80, wParam=0x0, lParam=0xd00dd) returned 0x0 [0032.595] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x80, wParam=0x0, lParam=0xd00dd) returned 0x0 [0032.595] SendMessageW (hWnd=0x3015c, Msg=0x80, wParam=0x1, lParam=0x301cd) returned 0x0 [0032.595] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x80, wParam=0x1, lParam=0x301cd) returned 0x0 [0032.596] GetSystemMenu (hWnd=0x3015c, bRevert=0) returned 0x90119 [0032.596] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ae7bc | out: lpwndpl=0x3ae7bc) returned 1 [0032.596] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0032.596] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0032.596] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0032.596] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0032.596] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0032.596] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae800 | out: lpRect=0x3ae800) returned 1 [0032.596] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae760 | out: lpRect=0x3ae760) returned 1 [0032.596] GetWindowRect (in: hWnd=0x3015c, lpRect=0x3ae760 | out: lpRect=0x3ae760) returned 1 [0032.596] SetWindowPos (hWnd=0x3015c, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0032.596] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x46, wParam=0x0, lParam=0x3ae6c8) returned 0x0 [0032.599] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0032.601] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ae490 | out: lpwndpl=0x3ae490) returned 1 [0032.601] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae43c | out: lpRect=0x3ae43c) returned 1 [0032.601] GetWindowTextLengthW (hWnd=0x3015c) returned 9 [0032.601] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.601] GetSystemMetrics (nIndex=42) returned 0 [0032.601] GetWindowTextW (in: hWnd=0x3015c, lpString=0x3ae300, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.601] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0xa, lParam=0x3ae300) returned 0x9 [0032.601] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae344 | out: lpRect=0x3ae344) returned 1 [0032.602] GetSysColor (nIndex=10) returned 0xb4b4b4 [0032.602] GetSysColor (nIndex=2) returned 0xd1b499 [0032.602] GetSysColor (nIndex=9) returned 0x0 [0032.602] GetSysColor (nIndex=12) returned 0xababab [0032.602] GetSysColor (nIndex=15) returned 0xf0f0f0 [0032.602] GetSysColor (nIndex=20) returned 0xffffff [0032.602] GetSysColor (nIndex=16) returned 0xa0a0a0 [0032.602] GetSysColor (nIndex=15) returned 0xf0f0f0 [0032.602] GetSysColor (nIndex=16) returned 0xa0a0a0 [0032.602] GetSysColor (nIndex=21) returned 0x696969 [0032.602] GetSysColor (nIndex=22) returned 0xe3e3e3 [0032.602] GetSysColor (nIndex=20) returned 0xffffff [0032.602] GetSysColor (nIndex=18) returned 0x0 [0032.603] GetSysColor (nIndex=1) returned 0x0 [0032.603] GetSysColor (nIndex=27) returned 0xead1b9 [0032.603] GetSysColor (nIndex=28) returned 0xf2e4d7 [0032.603] GetSysColor (nIndex=17) returned 0x6d6d6d [0032.603] GetSysColor (nIndex=13) returned 0xff9933 [0032.603] GetSysColor (nIndex=14) returned 0xffffff [0032.603] GetSysColor (nIndex=26) returned 0xcc6600 [0032.603] GetSysColor (nIndex=11) returned 0xfcf7f4 [0032.603] GetSysColor (nIndex=3) returned 0xdbcdbf [0032.603] GetSysColor (nIndex=19) returned 0x544e43 [0032.603] GetSysColor (nIndex=24) returned 0xe1ffff [0032.603] GetSysColor (nIndex=23) returned 0x0 [0032.603] GetSysColor (nIndex=4) returned 0xf0f0f0 [0032.603] GetSysColor (nIndex=30) returned 0xf0f0f0 [0032.603] GetSysColor (nIndex=29) returned 0xff9933 [0032.603] GetSysColor (nIndex=7) returned 0x0 [0032.603] GetSysColor (nIndex=0) returned 0xc8c8c8 [0032.603] GetSysColor (nIndex=5) returned 0xffffff [0032.603] GetSysColor (nIndex=6) returned 0x646464 [0032.603] GetSysColor (nIndex=8) returned 0x0 [0032.604] GetSystemMetrics (nIndex=80) returned 1 [0032.606] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0xba09b6, dwData=0x0) returned 1 [0032.607] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x3adfac | out: lpmi=0x3adfac) returned 1 [0032.607] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x3b0109b1 [0032.607] GetDeviceCaps (hdc=0x3b0109b1, index=12) returned 32 [0032.607] GetDeviceCaps (hdc=0x3b0109b1, index=14) returned 1 [0032.608] DeleteDC (hdc=0x3b0109b1) returned 1 [0032.608] GetCurrentObject (hdc=0x1c0107c4, type=0x1) returned 0x1b00017 [0032.608] GetCurrentObject (hdc=0x1c0107c4, type=0x2) returned 0x1900010 [0032.608] GetCurrentObject (hdc=0x1c0107c4, type=0x7) returned 0xa0508b3 [0032.608] GetCurrentObject (hdc=0x1c0107c4, type=0x6) returned 0x18a002e [0032.608] SaveDC (hdc=0x1c0107c4) returned 1 [0032.609] GetNearestColor (hdc=0x1c0107c4, color=0xf0f0f0) returned 0xf0f0f0 [0032.609] CreateSolidBrush (color=0xf0f0f0) returned 0x2710024b [0032.610] FillRect (hDC=0x1c0107c4, lprc=0x3ae1e4, hbr=0x2710024b) returned 1 [0032.612] DeleteObject (ho=0x2710024b) returned 1 [0032.612] RestoreDC (hdc=0x1c0107c4, nSavedDC=-1) returned 1 [0032.613] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ae478 | out: lpwndpl=0x3ae478) returned 1 [0032.613] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x47, wParam=0x0, lParam=0x3ae6c8) returned 0x0 [0032.613] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae428 | out: lpRect=0x3ae428) returned 1 [0032.613] GetWindowRect (in: hWnd=0x3015c, lpRect=0x3ae428 | out: lpRect=0x3ae428) returned 1 [0032.614] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x83, wParam=0x1, lParam=0x3ae2ac) returned 0x0 [0032.616] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0032.617] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ae09c | out: lpwndpl=0x3ae09c) returned 1 [0032.617] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae048 | out: lpRect=0x3ae048) returned 1 [0032.617] GetWindowTextLengthW (hWnd=0x3015c) returned 9 [0032.617] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.617] GetSystemMetrics (nIndex=42) returned 0 [0032.617] GetWindowTextW (in: hWnd=0x3015c, lpString=0x3adf0c, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.617] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0xa, lParam=0x3adf0c) returned 0x9 [0032.617] GetClientRect (in: hWnd=0x3015c, lpRect=0x3adf50 | out: lpRect=0x3adf50) returned 1 [0032.617] GetCurrentObject (hdc=0x30109bc, type=0x1) returned 0x1b00017 [0032.617] GetCurrentObject (hdc=0x30109bc, type=0x2) returned 0x1900010 [0032.617] GetCurrentObject (hdc=0x30109bc, type=0x7) returned 0xa0508b3 [0032.617] GetCurrentObject (hdc=0x30109bc, type=0x6) returned 0x18a002e [0032.617] SaveDC (hdc=0x30109bc) returned 1 [0032.617] GetNearestColor (hdc=0x30109bc, color=0xf0f0f0) returned 0xf0f0f0 [0032.618] CreateSolidBrush (color=0xf0f0f0) returned 0x2810024b [0032.618] FillRect (hDC=0x30109bc, lprc=0x3addf0, hbr=0x2810024b) returned 1 [0032.618] DeleteObject (ho=0x2810024b) returned 1 [0032.618] RestoreDC (hdc=0x30109bc, nSavedDC=-1) returned 1 [0032.618] SetWindowLongW (hWnd=0x3015c, nIndex=-8, dwNewLong=196958) returned 196958 [0032.618] SendMessageW (hWnd=0x3015e, Msg=0x80, wParam=0x1, lParam=0x301cd) returned 0x0 [0032.618] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015e, Msg=0x80, wParam=0x1, lParam=0x301cd) returned 0x0 [0032.619] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015e, Msg=0xd, wParam=0x104, lParam=0x8ac610) returned 0x0 [0032.619] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015e, Msg=0xd, wParam=0x104, lParam=0x8ac610) returned 0x0 [0032.619] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x747d0000 [0032.619] GetWindowLongW (hWnd=0x3015c, nIndex=-16) returned 382664704 [0032.619] GetWindowTextLengthW (hWnd=0x3015c) returned 9 [0032.619] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.619] GetSystemMetrics (nIndex=42) returned 0 [0032.619] GetWindowTextW (in: hWnd=0x3015c, lpString=0x3ae6f8, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.619] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0xa, lParam=0x3ae6f8) returned 0x9 [0032.619] GetWindowTextLengthW (hWnd=0x3015c) returned 9 [0032.619] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.620] GetSystemMetrics (nIndex=42) returned 0 [0032.620] GetWindowTextW (in: hWnd=0x3015c, lpString=0x3ae6f8, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.620] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0xa, lParam=0x3ae6f8) returned 0x9 [0032.620] GetWindowLongW (hWnd=0x3015c, nIndex=-16) returned 382664704 [0032.620] GetWindowLongW (hWnd=0x3015c, nIndex=-20) returned 590208 [0032.620] SetWindowLongW (hWnd=0x3015c, nIndex=-16, dwNewLong=315555840) returned 382664704 [0032.620] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x7c, wParam=0xfffffff0, lParam=0x3ae754) returned 0x0 [0032.620] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x7d, wParam=0xfffffff0, lParam=0x3ae754) returned 0x0 [0032.620] SetWindowLongW (hWnd=0x3015c, nIndex=-20, dwNewLong=589952) returned 590208 [0032.620] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x7c, wParam=0xffffffec, lParam=0x3ae754) returned 0x0 [0032.620] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x7d, wParam=0xffffffec, lParam=0x3ae754) returned 0x0 [0032.621] SetWindowPos (hWnd=0x3015c, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0032.621] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x46, wParam=0x0, lParam=0x3ae774) returned 0x0 [0032.621] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x83, wParam=0x1, lParam=0x3ae74c) returned 0x0 [0032.623] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0032.624] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ae53c | out: lpwndpl=0x3ae53c) returned 1 [0032.624] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae4e8 | out: lpRect=0x3ae4e8) returned 1 [0032.624] GetWindowTextLengthW (hWnd=0x3015c) returned 9 [0032.624] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0032.624] GetSystemMetrics (nIndex=42) returned 0 [0032.624] GetWindowTextW (in: hWnd=0x3015c, lpString=0x3ae3ac, nMaxCount=10 | out: lpString="no reason") returned 9 [0032.624] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0xa, lParam=0x3ae3ac) returned 0x9 [0032.625] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae3f0 | out: lpRect=0x3ae3f0) returned 1 [0032.625] GetCurrentObject (hdc=0x60109b3, type=0x1) returned 0x1b00017 [0032.625] GetCurrentObject (hdc=0x60109b3, type=0x2) returned 0x1900010 [0032.625] GetCurrentObject (hdc=0x60109b3, type=0x7) returned 0xa0508b3 [0032.625] GetCurrentObject (hdc=0x60109b3, type=0x6) returned 0x18a002e [0032.625] SaveDC (hdc=0x60109b3) returned 1 [0032.625] GetNearestColor (hdc=0x60109b3, color=0xf0f0f0) returned 0xf0f0f0 [0032.625] CreateSolidBrush (color=0xf0f0f0) returned 0x2910024b [0032.625] FillRect (hDC=0x60109b3, lprc=0x3ae290, hbr=0x2910024b) returned 1 [0032.625] DeleteObject (ho=0x2910024b) returned 1 [0032.625] RestoreDC (hdc=0x60109b3, nSavedDC=-1) returned 1 [0032.625] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ae524 | out: lpwndpl=0x3ae524) returned 1 [0032.625] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0x47, wParam=0x0, lParam=0x3ae774) returned 0x0 [0032.625] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ae4d4 | out: lpRect=0x3ae4d4) returned 1 [0032.625] GetWindowRect (in: hWnd=0x3015c, lpRect=0x3ae4d4 | out: lpRect=0x3ae4d4) returned 1 [0032.626] RedrawWindow (hWnd=0x3015c, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0032.626] GetSystemMenu (hWnd=0x3015c, bRevert=0) returned 0x90119 [0032.626] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ae7ac | out: lpwndpl=0x3ae7ac) returned 1 [0032.626] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0032.626] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0032.626] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0032.626] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0032.626] EnableMenuItem (hMenu=0x90119, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0032.626] SetWindowLongW (hWnd=0x301fe, nIndex=-8, dwNewLong=196956) returned 196962 [0032.700] GetCurrentProcessId () returned 0x5e0 [0032.704] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x3ae18c | out: lpLuid=0x3ae18c*(LowPart=0x14, HighPart=0)) returned 1 [0032.705] GetCurrentProcess () returned 0xffffffff [0032.706] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x3ae188 | out: TokenHandle=0x3ae188*=0x24c) returned 1 [0032.706] AdjustTokenPrivileges (in: TokenHandle=0x24c, DisableAllPrivileges=0, NewState=0x282e4a4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0032.706] CloseHandle (hObject=0x24c) returned 1 [0032.706] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x5e0) returned 0x24c [0032.707] GetExitCodeProcess (in: hProcess=0x24c, lpExitCode=0x282e430 | out: lpExitCode=0x282e430*=0x103) returned 1 [0032.716] CheckRemoteDebuggerPresent (in: hProcess=0x24c, pbDebuggerPresent=0x3ae8e4 | out: pbDebuggerPresent=0x3ae8e4) returned 1 [0032.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SbieDll.dll", cchWideChar=11, lpMultiByteStr=0x3ae884, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SbieDll.dlltëQ%", lpUsedDefaultChar=0x0) returned 11 [0032.731] GetModuleHandleA (lpModuleName="SbieDll.dll") returned 0x0 [0033.111] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x250 [0033.112] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x254 [0033.121] SetEvent (hEvent=0x254) returned 1 [0033.121] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ae7ec*=0x250, lpdwindex=0x3ae60c | out: lpdwindex=0x3ae60c) returned 0x0 [0034.069] CoGetContextToken (in: pToken=0x3ae6b8 | out: pToken=0x3ae6b8) returned 0x0 [0034.070] CoGetContextToken (in: pToken=0x3ae618 | out: pToken=0x3ae618) returned 0x0 [0034.070] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040820, riid=0x3ae6e8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ae6e4 | out: ppvObject=0x3ae6e4*=0x1040820) returned 0x0 [0034.070] WbemDefPath:IUnknown:AddRef (This=0x1040820) returned 0x3 [0034.070] WbemDefPath:IUnknown:Release (This=0x1040820) returned 0x2 [0034.074] WbemDefPath:IWbemPath:SetText (This=0x1040820, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0034.074] WbemDefPath:IWbemPath:GetInfo (in: This=0x1040820, uRequestedInfo=0x0, puResponse=0x3ae898 | out: puResponse=0x3ae898*=0xc15) returned 0x0 [0034.075] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1040820, puCount=0x3ae890 | out: puCount=0x3ae890*=0x0) returned 0x0 [0034.076] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0034.076] SetEvent (hEvent=0x254) returned 1 [0034.076] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ae0ec*=0x2b4, lpdwindex=0x3adf0c | out: lpdwindex=0x3adf0c) returned 0x0 [0034.078] CoGetContextToken (in: pToken=0x3adfb8 | out: pToken=0x3adfb8) returned 0x0 [0034.078] CoGetContextToken (in: pToken=0x3adf18 | out: pToken=0x3adf18) returned 0x0 [0034.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040998, riid=0x3adfe8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3adfe4 | out: ppvObject=0x3adfe4*=0x1040998) returned 0x0 [0034.078] WbemDefPath:IUnknown:AddRef (This=0x1040998) returned 0x3 [0034.078] WbemDefPath:IUnknown:Release (This=0x1040998) returned 0x2 [0034.078] WbemDefPath:IWbemPath:SetText (This=0x1040998, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0034.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1040998, puCount=0x3ae868 | out: puCount=0x3ae868*=0x2) returned 0x0 [0034.079] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae864*=0x0, pszText=0x0 | out: puBuffLength=0x3ae864*=0xf, pszText=0x0) returned 0x0 [0034.079] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae864*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ae864*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0034.088] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ae704*=0x2c8, lpdwindex=0x3ae5b4 | out: lpdwindex=0x3ae5b4) returned 0x0 [0038.771] CoGetContextToken (in: pToken=0x3ae4c0 | out: pToken=0x3ae4c0) returned 0x0 [0038.771] CoGetContextToken (in: pToken=0x3ae468 | out: pToken=0x3ae468) returned 0x0 [0038.772] IUnknown:QueryInterface (in: This=0x7bb468, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae448 | out: ppvObject=0x3ae448*=0x7bb478) returned 0x0 [0038.773] CObjectContext::ContextCallback () returned 0x0 [0038.777] BeginPaint (in: hWnd=0x3015c, lpPaint=0x3ad704 | out: lpPaint=0x3ad704) returned 0x60109b3 [0038.778] GetWindowPlacement (in: hWnd=0x3015c, lpwndpl=0x3ad460 | out: lpwndpl=0x3ad460) returned 1 [0038.778] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ad40c | out: lpRect=0x3ad40c) returned 1 [0038.778] GetWindowTextLengthW (hWnd=0x3015c) returned 9 [0038.778] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0038.778] GetSystemMetrics (nIndex=42) returned 0 [0038.778] GetWindowTextW (in: hWnd=0x3015c, lpString=0x3ad2d0, nMaxCount=10 | out: lpString="no reason") returned 9 [0038.778] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0xa, lParam=0x3ad2d0) returned 0x9 [0038.778] GetClientRect (in: hWnd=0x3015c, lpRect=0x3ad314 | out: lpRect=0x3ad314) returned 1 [0038.779] GetCurrentObject (hdc=0x60109b3, type=0x1) returned 0x1b00017 [0038.779] GetCurrentObject (hdc=0x60109b3, type=0x2) returned 0x1900010 [0038.779] GetCurrentObject (hdc=0x60109b3, type=0x7) returned 0xa0508b3 [0038.779] GetCurrentObject (hdc=0x60109b3, type=0x6) returned 0x18a002e [0038.779] SaveDC (hdc=0x60109b3) returned 1 [0038.779] GetNearestColor (hdc=0x60109b3, color=0xf0f0f0) returned 0xf0f0f0 [0038.779] CreateSolidBrush (color=0xf0f0f0) returned 0x2a10024b [0038.779] FillRect (hDC=0x60109b3, lprc=0x3ad1b4, hbr=0x2a10024b) returned 1 [0038.779] DeleteObject (ho=0x2a10024b) returned 1 [0038.779] RestoreDC (hdc=0x60109b3, nSavedDC=-1) returned 1 [0038.782] GdipCreateHalftonePalette () returned 0xd080998 [0038.782] SelectPalette (hdc=0x60109b3, hPal=0xd080998, bForceBkgd=1) returned 0x188000b [0038.782] GetWindowTextLengthW (hWnd=0x3015c) returned 9 [0038.782] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0038.782] GetSystemMetrics (nIndex=42) returned 0 [0038.782] GetWindowTextW (in: hWnd=0x3015c, lpString=0x3ad698, nMaxCount=10 | out: lpString="no reason") returned 9 [0038.782] CallWindowProcW (lpPrevWndFunc=0x77c725dd, hWnd=0x3015c, Msg=0xd, wParam=0xa, lParam=0x3ad698) returned 0x9 [0038.783] SelectPalette (hdc=0x60109b3, hPal=0x188000b, bForceBkgd=0) returned 0xd080998 [0038.783] EndPaint (hWnd=0x3015c, lpPaint=0x3ad700) returned 1 [0038.787] IUnknown:Release (This=0x7bb478) returned 0x1 [0038.787] CoUnmarshalInterface (in: pStm=0x7f5c20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3ae4b0 | out: ppv=0x3ae4b0*=0x81bf9c) returned 0x0 [0038.787] CoMarshalInterface (pStm=0x7f5c20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x81bf9c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0038.787] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae354 | out: ppvObject=0x3ae354*=0x81bf9c) returned 0x0 [0038.787] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ae310 | out: ppvObject=0x3ae310*=0x0) returned 0x80004002 [0038.788] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ae12c | out: ppvObject=0x3ae12c*=0x0) returned 0x80004002 [0038.789] WbemLocator:IUnknown:AddRef (This=0x81bf9c) returned 0x3 [0038.789] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3adc6c | out: ppvObject=0x3adc6c*=0x0) returned 0x80004002 [0038.789] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3adc1c | out: ppvObject=0x3adc1c*=0x0) returned 0x80004002 [0038.790] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adc28 | out: ppvObject=0x3adc28*=0x81befc) returned 0x0 [0038.790] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x81befc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3adc30 | out: pCid=0x3adc30*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0038.790] WbemLocator:IUnknown:Release (This=0x81befc) returned 0x3 [0038.790] CoGetContextToken (in: pToken=0x3adc88 | out: pToken=0x3adc88) returned 0x0 [0038.790] IUnknown:QueryInterface (in: This=0x7bb2f8, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adc4c | out: ppvObject=0x3adc4c*=0x7bb304) returned 0x0 [0038.790] IComThreadingInfo:GetCurrentApartmentType (in: This=0x7bb304, pAptType=0x3adc90 | out: pAptType=0x3adc90*=3) returned 0x0 [0038.790] IUnknown:Release (This=0x7bb304) returned 0x0 [0038.790] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x810dac | out: ppv=0x810dac*=0x7bb2f8) returned 0x0 [0038.790] CoGetContextToken (in: pToken=0x3ae090 | out: pToken=0x3ae090) returned 0x0 [0038.790] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae120 | out: ppvObject=0x3ae120*=0x81bf84) returned 0x0 [0038.790] WbemLocator:IRpcOptions:Query (in: This=0x81bf84, pPrx=0x81bf9c, dwProperty=2, pdwValue=0x3ae148 | out: pdwValue=0x3ae148) returned 0x0 [0038.790] WbemLocator:IUnknown:Release (This=0x81bf84) returned 0x3 [0038.790] WbemLocator:IUnknown:Release (This=0x81bf9c) returned 0x2 [0038.790] WbemLocator:IUnknown:Release (This=0x81bf9c) returned 0x1 [0038.791] CoGetContextToken (in: pToken=0x3ae400 | out: pToken=0x3ae400) returned 0x0 [0038.791] WbemLocator:IUnknown:AddRef (This=0x81bf9c) returned 0x2 [0038.791] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6bc | out: ppvObject=0x3ae6bc*=0x81bf7c) returned 0x0 [0038.791] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x81bf7c, pProxy=0x81bf9c, pAuthnSvc=0x3ae70c, pAuthzSvc=0x3ae708, pServerPrincName=0x3ae700, pAuthnLevel=0x3ae704, pImpLevel=0x3ae6f4, pAuthInfo=0x3ae6f8, pCapabilites=0x3ae6fc | out: pAuthnSvc=0x3ae70c*=0xa, pAuthzSvc=0x3ae708*=0x0, pServerPrincName=0x3ae700, pAuthnLevel=0x3ae704*=0x6, pImpLevel=0x3ae6f4*=0x2, pAuthInfo=0x3ae6f8, pCapabilites=0x3ae6fc*=0x1) returned 0x0 [0038.791] WbemLocator:IUnknown:Release (This=0x81bf7c) returned 0x2 [0038.791] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6b0 | out: ppvObject=0x3ae6b0*=0x81bf9c) returned 0x0 [0038.791] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6ac | out: ppvObject=0x3ae6ac*=0x81bf7c) returned 0x0 [0038.791] WbemLocator:IClientSecurity:SetBlanket (This=0x81bf7c, pProxy=0x81bf9c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0038.792] WbemLocator:IUnknown:Release (This=0x81bf7c) returned 0x3 [0038.792] WbemLocator:IUnknown:Release (This=0x81bf9c) returned 0x2 [0038.792] CoTaskMemFree (pv=0x7a9bb8) [0038.792] WbemLocator:IUnknown:Release (This=0x81bf9c) returned 0x1 [0038.792] SysStringLen (param_1=0x0) returned 0x0 [0038.792] CoGetContextToken (in: pToken=0x3ae678 | out: pToken=0x3ae678) returned 0x0 [0038.792] CoGetContextToken (in: pToken=0x3ae5d8 | out: pToken=0x3ae5d8) returned 0x0 [0038.792] WbemLocator:IUnknown:QueryInterface (in: This=0x81bf9c, riid=0x3ae6a8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3ae6a4 | out: ppvObject=0x3ae6a4*=0x104ca1c) returned 0x0 [0038.794] WbemLocator:IUnknown:AddRef (This=0x104ca1c) returned 0x3 [0038.794] WbemLocator:IUnknown:Release (This=0x104ca1c) returned 0x2 [0038.794] CoGetContextToken (in: pToken=0x3ae638 | out: pToken=0x3ae638) returned 0x0 [0038.794] WbemLocator:IUnknown:AddRef (This=0x104ca1c) returned 0x3 [0038.794] WbemLocator:IUnknown:QueryInterface (in: This=0x104ca1c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6bc | out: ppvObject=0x3ae6bc*=0x81bf7c) returned 0x0 [0038.794] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x81bf7c, pProxy=0x104ca1c, pAuthnSvc=0x3ae70c, pAuthzSvc=0x3ae708, pServerPrincName=0x3ae700, pAuthnLevel=0x3ae704, pImpLevel=0x3ae6f4, pAuthInfo=0x3ae6f8, pCapabilites=0x3ae6fc | out: pAuthnSvc=0x3ae70c*=0xa, pAuthzSvc=0x3ae708*=0x0, pServerPrincName=0x3ae700, pAuthnLevel=0x3ae704*=0x6, pImpLevel=0x3ae6f4*=0x2, pAuthInfo=0x3ae6f8, pCapabilites=0x3ae6fc*=0x1) returned 0x0 [0038.794] WbemLocator:IUnknown:Release (This=0x81bf7c) returned 0x3 [0038.794] WbemLocator:IUnknown:QueryInterface (in: This=0x104ca1c, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6b0 | out: ppvObject=0x3ae6b0*=0x81bf9c) returned 0x0 [0038.794] WbemLocator:IUnknown:QueryInterface (in: This=0x104ca1c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6ac | out: ppvObject=0x3ae6ac*=0x81bf7c) returned 0x0 [0038.794] WbemLocator:IClientSecurity:SetBlanket (This=0x81bf7c, pProxy=0x104ca1c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0038.794] WbemLocator:IUnknown:Release (This=0x81bf7c) returned 0x4 [0038.794] WbemLocator:IUnknown:Release (This=0x81bf9c) returned 0x3 [0038.794] CoTaskMemFree (pv=0x7f6710) [0038.795] WbemLocator:IUnknown:Release (This=0x104ca1c) returned 0x2 [0038.795] SysStringLen (param_1=0x0) returned 0x0 [0038.795] CoGetContextToken (in: pToken=0x3ae5b0 | out: pToken=0x3ae5b0) returned 0x0 [0038.795] WbemLocator:IUnknown:AddRef (This=0x104ca1c) returned 0x3 [0038.795] IWbemServices:ExecQuery (in: This=0x104ca1c, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x3ae7c8 | out: ppEnum=0x3ae7c8*=0x104d3d4) returned 0x0 [0038.804] IUnknown:QueryInterface (in: This=0x104d3d4, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae620 | out: ppvObject=0x3ae620*=0x104d3d8) returned 0x0 [0038.804] IClientSecurity:QueryBlanket (in: This=0x104d3d8, pProxy=0x104d3d4, pAuthnSvc=0x3ae670, pAuthzSvc=0x3ae66c, pServerPrincName=0x3ae664, pAuthnLevel=0x3ae668, pImpLevel=0x3ae658, pAuthInfo=0x3ae65c, pCapabilites=0x3ae660 | out: pAuthnSvc=0x3ae670*=0xa, pAuthzSvc=0x3ae66c*=0x0, pServerPrincName=0x3ae664, pAuthnLevel=0x3ae668*=0x6, pImpLevel=0x3ae658*=0x2, pAuthInfo=0x3ae65c, pCapabilites=0x3ae660*=0x1) returned 0x0 [0038.804] IUnknown:Release (This=0x104d3d8) returned 0x1 [0038.804] IUnknown:QueryInterface (in: This=0x104d3d4, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae614 | out: ppvObject=0x3ae614*=0x81c3a4) returned 0x0 [0038.804] IUnknown:QueryInterface (in: This=0x104d3d4, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae610 | out: ppvObject=0x3ae610*=0x104d3d8) returned 0x0 [0038.804] IClientSecurity:SetBlanket (This=0x104d3d8, pProxy=0x104d3d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0038.809] IUnknown:Release (This=0x104d3d8) returned 0x2 [0038.809] WbemLocator:IUnknown:Release (This=0x81c3a4) returned 0x1 [0038.809] CoTaskMemFree (pv=0x81c408) [0038.809] IUnknown:QueryInterface (in: This=0x104d3d4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae20c | out: ppvObject=0x3ae20c*=0x81c3a4) returned 0x0 [0038.809] WbemLocator:IUnknown:QueryInterface (in: This=0x81c3a4, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ae1c8 | out: ppvObject=0x3ae1c8*=0x0) returned 0x80004002 [0038.810] WbemLocator:IUnknown:QueryInterface (in: This=0x81c3a4, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3adfe4 | out: ppvObject=0x3adfe4*=0x0) returned 0x80004002 [0038.810] WbemLocator:IUnknown:AddRef (This=0x81c3a4) returned 0x3 [0038.810] WbemLocator:IUnknown:QueryInterface (in: This=0x81c3a4, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3adb24 | out: ppvObject=0x3adb24*=0x0) returned 0x80004002 [0038.810] WbemLocator:IUnknown:QueryInterface (in: This=0x81c3a4, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3adad4 | out: ppvObject=0x3adad4*=0x0) returned 0x80004002 [0038.811] WbemLocator:IUnknown:QueryInterface (in: This=0x81c3a4, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adae0 | out: ppvObject=0x3adae0*=0x81c304) returned 0x0 [0038.811] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x81c304, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3adae8 | out: pCid=0x3adae8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0038.811] WbemLocator:IUnknown:Release (This=0x81c304) returned 0x3 [0038.811] CoGetContextToken (in: pToken=0x3adb40 | out: pToken=0x3adb40) returned 0x0 [0038.811] CoGetContextToken (in: pToken=0x3adf48 | out: pToken=0x3adf48) returned 0x0 [0038.811] WbemLocator:IUnknown:QueryInterface (in: This=0x81c3a4, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adfd8 | out: ppvObject=0x3adfd8*=0x81c38c) returned 0x0 [0038.811] WbemLocator:IRpcOptions:Query (in: This=0x81c38c, pPrx=0x81c3a4, dwProperty=2, pdwValue=0x3ae000 | out: pdwValue=0x3ae000) returned 0x80004002 [0038.811] WbemLocator:IUnknown:Release (This=0x81c38c) returned 0x3 [0038.811] WbemLocator:IUnknown:Release (This=0x81c3a4) returned 0x2 [0038.811] CoGetContextToken (in: pToken=0x3ae520 | out: pToken=0x3ae520) returned 0x0 [0038.811] CoGetContextToken (in: pToken=0x3ae480 | out: pToken=0x3ae480) returned 0x0 [0038.811] WbemLocator:IUnknown:QueryInterface (in: This=0x81c3a4, riid=0x3ae550*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ae54c | out: ppvObject=0x3ae54c*=0x104d3d4) returned 0x0 [0038.811] IUnknown:AddRef (This=0x104d3d4) returned 0x4 [0038.811] IUnknown:Release (This=0x104d3d4) returned 0x3 [0038.811] IUnknown:Release (This=0x104d3d4) returned 0x2 [0038.811] WbemLocator:IUnknown:Release (This=0x104ca1c) returned 0x2 [0038.811] SysStringLen (param_1=0x0) returned 0x0 [0038.811] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1040998, puCount=0x3ae814 | out: puCount=0x3ae814*=0x2) returned 0x0 [0038.812] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae810*=0x0, pszText=0x0 | out: puBuffLength=0x3ae810*=0xf, pszText=0x0) returned 0x0 [0038.812] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae810*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ae810*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0038.812] CoGetContextToken (in: pToken=0x3ae650 | out: pToken=0x3ae650) returned 0x0 [0038.812] IUnknown:AddRef (This=0x104d3d4) returned 0x3 [0038.812] IEnumWbemClassObject:Clone (in: This=0x104d3d4, ppEnum=0x3ae810 | out: ppEnum=0x3ae810*=0x104d49c) returned 0x0 [0038.813] IUnknown:QueryInterface (in: This=0x104d49c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6d4 | out: ppvObject=0x3ae6d4*=0x104d4a0) returned 0x0 [0038.813] IClientSecurity:QueryBlanket (in: This=0x104d4a0, pProxy=0x104d49c, pAuthnSvc=0x3ae724, pAuthzSvc=0x3ae720, pServerPrincName=0x3ae718, pAuthnLevel=0x3ae71c, pImpLevel=0x3ae70c, pAuthInfo=0x3ae710, pCapabilites=0x3ae714 | out: pAuthnSvc=0x3ae724*=0xa, pAuthzSvc=0x3ae720*=0x0, pServerPrincName=0x3ae718, pAuthnLevel=0x3ae71c*=0x6, pImpLevel=0x3ae70c*=0x2, pAuthInfo=0x3ae710, pCapabilites=0x3ae714*=0x1) returned 0x0 [0038.813] IUnknown:Release (This=0x104d4a0) returned 0x1 [0038.813] IUnknown:QueryInterface (in: This=0x104d49c, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6c8 | out: ppvObject=0x3ae6c8*=0x81fbcc) returned 0x0 [0038.814] IUnknown:QueryInterface (in: This=0x104d49c, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6c4 | out: ppvObject=0x3ae6c4*=0x104d4a0) returned 0x0 [0038.814] IClientSecurity:SetBlanket (This=0x104d4a0, pProxy=0x104d49c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0038.816] IUnknown:Release (This=0x104d4a0) returned 0x2 [0038.816] WbemLocator:IUnknown:Release (This=0x81fbcc) returned 0x1 [0038.816] CoTaskMemFree (pv=0x81c408) [0038.816] IUnknown:QueryInterface (in: This=0x104d49c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae2b0 | out: ppvObject=0x3ae2b0*=0x81fbcc) returned 0x0 [0038.816] WbemLocator:IUnknown:QueryInterface (in: This=0x81fbcc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ae26c | out: ppvObject=0x3ae26c*=0x0) returned 0x80004002 [0038.816] WbemLocator:IUnknown:QueryInterface (in: This=0x81fbcc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ae08c | out: ppvObject=0x3ae08c*=0x0) returned 0x80004002 [0038.817] WbemLocator:IUnknown:AddRef (This=0x81fbcc) returned 0x3 [0038.817] WbemLocator:IUnknown:QueryInterface (in: This=0x81fbcc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3adbcc | out: ppvObject=0x3adbcc*=0x0) returned 0x80004002 [0038.817] WbemLocator:IUnknown:QueryInterface (in: This=0x81fbcc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3adb7c | out: ppvObject=0x3adb7c*=0x0) returned 0x80004002 [0038.818] WbemLocator:IUnknown:QueryInterface (in: This=0x81fbcc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adb88 | out: ppvObject=0x3adb88*=0x81fb2c) returned 0x0 [0038.818] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x81fb2c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3adb90 | out: pCid=0x3adb90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0038.818] WbemLocator:IUnknown:Release (This=0x81fb2c) returned 0x3 [0038.818] CoGetContextToken (in: pToken=0x3adbe8 | out: pToken=0x3adbe8) returned 0x0 [0038.818] CoGetContextToken (in: pToken=0x3adff0 | out: pToken=0x3adff0) returned 0x0 [0038.818] WbemLocator:IUnknown:QueryInterface (in: This=0x81fbcc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae080 | out: ppvObject=0x3ae080*=0x81fbb4) returned 0x0 [0038.818] WbemLocator:IRpcOptions:Query (in: This=0x81fbb4, pPrx=0x81fbcc, dwProperty=2, pdwValue=0x3ae0a8 | out: pdwValue=0x3ae0a8) returned 0x80004002 [0038.818] WbemLocator:IUnknown:Release (This=0x81fbb4) returned 0x3 [0038.818] WbemLocator:IUnknown:Release (This=0x81fbcc) returned 0x2 [0038.818] CoGetContextToken (in: pToken=0x3ae5c0 | out: pToken=0x3ae5c0) returned 0x0 [0038.818] CoGetContextToken (in: pToken=0x3ae520 | out: pToken=0x3ae520) returned 0x0 [0038.818] WbemLocator:IUnknown:QueryInterface (in: This=0x81fbcc, riid=0x3ae5f0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ae5ec | out: ppvObject=0x3ae5ec*=0x104d49c) returned 0x0 [0038.818] IUnknown:AddRef (This=0x104d49c) returned 0x4 [0038.818] IUnknown:Release (This=0x104d49c) returned 0x3 [0038.818] IUnknown:Release (This=0x104d49c) returned 0x2 [0038.818] IUnknown:Release (This=0x104d3d4) returned 0x2 [0038.818] SysStringLen (param_1=0x0) returned 0x0 [0038.819] IEnumWbemClassObject:Reset (This=0x104d49c) returned 0x0 [0038.822] CoTaskMemAlloc (cb=0x4) returned 0x7ee5f8 [0038.825] IEnumWbemClassObject:Next (in: This=0x104d49c, lTimeout=-1, uCount=0x1, apObjects=0x7ee5f8, puReturned=0x2832c74 | out: apObjects=0x7ee5f8*=0x104d4d8, puReturned=0x2832c74*=0x1) returned 0x0 [0038.848] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ade70 | out: ppvObject=0x3ade70*=0x104d4d8) returned 0x0 [0038.849] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ade2c | out: ppvObject=0x3ade2c*=0x0) returned 0x80004002 [0038.850] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3adc4c | out: ppvObject=0x3adc4c*=0x0) returned 0x80004002 [0038.850] IUnknown:AddRef (This=0x104d4d8) returned 0x3 [0038.850] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3ad78c | out: ppvObject=0x3ad78c*=0x0) returned 0x80004002 [0038.850] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3ad73c | out: ppvObject=0x3ad73c*=0x0) returned 0x80004002 [0038.850] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ad748 | out: ppvObject=0x3ad748*=0x104d4dc) returned 0x0 [0038.850] IMarshal:GetUnmarshalClass (in: This=0x104d4dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3ad750 | out: pCid=0x3ad750*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0038.850] IUnknown:Release (This=0x104d4dc) returned 0x3 [0038.850] CoGetContextToken (in: pToken=0x3ad7a8 | out: pToken=0x3ad7a8) returned 0x0 [0038.850] CoGetContextToken (in: pToken=0x3adbb0 | out: pToken=0x3adbb0) returned 0x0 [0038.850] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adc40 | out: ppvObject=0x3adc40*=0x0) returned 0x80004002 [0038.850] IUnknown:Release (This=0x104d4d8) returned 0x2 [0038.850] CoGetContextToken (in: pToken=0x3ae180 | out: pToken=0x3ae180) returned 0x0 [0038.850] CoGetContextToken (in: pToken=0x3ae0e0 | out: pToken=0x3ae0e0) returned 0x0 [0038.850] IUnknown:QueryInterface (in: This=0x104d4d8, riid=0x3ae1b0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ae1ac | out: ppvObject=0x3ae1ac*=0x104d4d8) returned 0x0 [0038.850] IUnknown:AddRef (This=0x104d4d8) returned 0x4 [0038.850] IUnknown:Release (This=0x104d4d8) returned 0x3 [0038.851] IUnknown:Release (This=0x104d4d8) returned 0x2 [0038.851] CoTaskMemFree (pv=0x7ee5f8) [0038.851] CoGetContextToken (in: pToken=0x3ae4f0 | out: pToken=0x3ae4f0) returned 0x0 [0038.851] IUnknown:AddRef (This=0x104d4d8) returned 0x3 [0038.851] CoTaskMemAlloc (cb=0x4) returned 0x7ee5f8 [0038.851] IEnumWbemClassObject:Next (in: This=0x104d49c, lTimeout=-1, uCount=0x1, apObjects=0x7ee5f8, puReturned=0x2832c74 | out: apObjects=0x7ee5f8*=0x0, puReturned=0x2832c74*=0x0) returned 0x1 [0038.852] CoTaskMemFree (pv=0x7ee5f8) [0038.852] CoGetContextToken (in: pToken=0x3ae660 | out: pToken=0x3ae660) returned 0x0 [0038.852] IUnknown:AddRef (This=0x104d3d4) returned 0x3 [0038.852] IEnumWbemClassObject:Clone (in: This=0x104d3d4, ppEnum=0x3ae820 | out: ppEnum=0x3ae820*=0x10501dc) returned 0x0 [0038.853] IUnknown:QueryInterface (in: This=0x10501dc, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6e4 | out: ppvObject=0x3ae6e4*=0x10501e0) returned 0x0 [0038.853] IClientSecurity:QueryBlanket (in: This=0x10501e0, pProxy=0x10501dc, pAuthnSvc=0x3ae734, pAuthzSvc=0x3ae730, pServerPrincName=0x3ae728, pAuthnLevel=0x3ae72c, pImpLevel=0x3ae71c, pAuthInfo=0x3ae720, pCapabilites=0x3ae724 | out: pAuthnSvc=0x3ae734*=0xa, pAuthzSvc=0x3ae730*=0x0, pServerPrincName=0x3ae728, pAuthnLevel=0x3ae72c*=0x6, pImpLevel=0x3ae71c*=0x2, pAuthInfo=0x3ae720, pCapabilites=0x3ae724*=0x1) returned 0x0 [0038.853] IUnknown:Release (This=0x10501e0) returned 0x1 [0038.853] IUnknown:QueryInterface (in: This=0x10501dc, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6d8 | out: ppvObject=0x3ae6d8*=0x81fdac) returned 0x0 [0038.853] IUnknown:QueryInterface (in: This=0x10501dc, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae6d4 | out: ppvObject=0x3ae6d4*=0x10501e0) returned 0x0 [0038.853] IClientSecurity:SetBlanket (This=0x10501e0, pProxy=0x10501dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0038.854] IUnknown:Release (This=0x10501e0) returned 0x2 [0038.854] WbemLocator:IUnknown:Release (This=0x81fdac) returned 0x1 [0038.854] CoTaskMemFree (pv=0x81c408) [0038.855] IUnknown:QueryInterface (in: This=0x10501dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae2c0 | out: ppvObject=0x3ae2c0*=0x81fdac) returned 0x0 [0038.855] WbemLocator:IUnknown:QueryInterface (in: This=0x81fdac, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ae27c | out: ppvObject=0x3ae27c*=0x0) returned 0x80004002 [0038.855] WbemLocator:IUnknown:QueryInterface (in: This=0x81fdac, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3ae09c | out: ppvObject=0x3ae09c*=0x0) returned 0x80004002 [0038.856] WbemLocator:IUnknown:AddRef (This=0x81fdac) returned 0x3 [0038.856] WbemLocator:IUnknown:QueryInterface (in: This=0x81fdac, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3adbdc | out: ppvObject=0x3adbdc*=0x0) returned 0x80004002 [0038.856] WbemLocator:IUnknown:QueryInterface (in: This=0x81fdac, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3adb8c | out: ppvObject=0x3adb8c*=0x0) returned 0x80004002 [0038.858] WbemLocator:IUnknown:QueryInterface (in: This=0x81fdac, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adb98 | out: ppvObject=0x3adb98*=0x81fd0c) returned 0x0 [0038.858] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x81fd0c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3adba0 | out: pCid=0x3adba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0038.858] WbemLocator:IUnknown:Release (This=0x81fd0c) returned 0x3 [0038.858] CoGetContextToken (in: pToken=0x3adbf8 | out: pToken=0x3adbf8) returned 0x0 [0038.858] CoGetContextToken (in: pToken=0x3ae000 | out: pToken=0x3ae000) returned 0x0 [0038.858] WbemLocator:IUnknown:QueryInterface (in: This=0x81fdac, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae090 | out: ppvObject=0x3ae090*=0x81fd94) returned 0x0 [0038.858] WbemLocator:IRpcOptions:Query (in: This=0x81fd94, pPrx=0x81fdac, dwProperty=2, pdwValue=0x3ae0b8 | out: pdwValue=0x3ae0b8) returned 0x80004002 [0038.858] WbemLocator:IUnknown:Release (This=0x81fd94) returned 0x3 [0038.858] WbemLocator:IUnknown:Release (This=0x81fdac) returned 0x2 [0038.858] CoGetContextToken (in: pToken=0x3ae5d0 | out: pToken=0x3ae5d0) returned 0x0 [0038.858] CoGetContextToken (in: pToken=0x3ae530 | out: pToken=0x3ae530) returned 0x0 [0038.858] WbemLocator:IUnknown:QueryInterface (in: This=0x81fdac, riid=0x3ae600*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3ae5fc | out: ppvObject=0x3ae5fc*=0x10501dc) returned 0x0 [0038.858] IUnknown:AddRef (This=0x10501dc) returned 0x4 [0038.858] IUnknown:Release (This=0x10501dc) returned 0x3 [0038.858] IUnknown:Release (This=0x10501dc) returned 0x2 [0038.858] IUnknown:Release (This=0x104d3d4) returned 0x2 [0038.858] SysStringLen (param_1=0x0) returned 0x0 [0038.858] IEnumWbemClassObject:Reset (This=0x10501dc) returned 0x0 [0038.859] CoTaskMemAlloc (cb=0x4) returned 0x7ee628 [0038.859] IEnumWbemClassObject:Next (in: This=0x10501dc, lTimeout=-1, uCount=0x1, apObjects=0x7ee628, puReturned=0x2832d58 | out: apObjects=0x7ee628*=0x1050218, puReturned=0x2832d58*=0x1) returned 0x0 [0038.861] IUnknown:QueryInterface (in: This=0x1050218, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ade80 | out: ppvObject=0x3ade80*=0x1050218) returned 0x0 [0038.861] IUnknown:QueryInterface (in: This=0x1050218, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3ade3c | out: ppvObject=0x3ade3c*=0x0) returned 0x80004002 [0038.861] IUnknown:QueryInterface (in: This=0x1050218, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3adc5c | out: ppvObject=0x3adc5c*=0x0) returned 0x80004002 [0038.861] IUnknown:AddRef (This=0x1050218) returned 0x3 [0038.861] IUnknown:QueryInterface (in: This=0x1050218, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3ad79c | out: ppvObject=0x3ad79c*=0x0) returned 0x80004002 [0038.861] IUnknown:QueryInterface (in: This=0x1050218, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3ad74c | out: ppvObject=0x3ad74c*=0x0) returned 0x80004002 [0038.861] IUnknown:QueryInterface (in: This=0x1050218, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ad758 | out: ppvObject=0x3ad758*=0x105021c) returned 0x0 [0038.861] IMarshal:GetUnmarshalClass (in: This=0x105021c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3ad760 | out: pCid=0x3ad760*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0038.862] IUnknown:Release (This=0x105021c) returned 0x3 [0038.862] CoGetContextToken (in: pToken=0x3ad7b8 | out: pToken=0x3ad7b8) returned 0x0 [0038.862] CoGetContextToken (in: pToken=0x3adbc0 | out: pToken=0x3adbc0) returned 0x0 [0038.862] IUnknown:QueryInterface (in: This=0x1050218, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3adc50 | out: ppvObject=0x3adc50*=0x0) returned 0x80004002 [0038.862] IUnknown:Release (This=0x1050218) returned 0x2 [0038.862] CoGetContextToken (in: pToken=0x3ae190 | out: pToken=0x3ae190) returned 0x0 [0038.862] CoGetContextToken (in: pToken=0x3ae0f0 | out: pToken=0x3ae0f0) returned 0x0 [0038.862] IUnknown:QueryInterface (in: This=0x1050218, riid=0x3ae1c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3ae1bc | out: ppvObject=0x3ae1bc*=0x1050218) returned 0x0 [0038.862] IUnknown:AddRef (This=0x1050218) returned 0x4 [0038.862] IUnknown:Release (This=0x1050218) returned 0x3 [0038.862] IUnknown:Release (This=0x1050218) returned 0x2 [0038.862] CoTaskMemFree (pv=0x7ee628) [0038.862] CoGetContextToken (in: pToken=0x3ae500 | out: pToken=0x3ae500) returned 0x0 [0038.862] IUnknown:AddRef (This=0x1050218) returned 0x3 [0038.863] IWbemClassObject:Get (in: This=0x1050218, wszName="__GENUS", lFlags=0, pVal=0x3ae810*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3ae890*=0, plFlavor=0x3ae88c*=0 | out: pVal=0x3ae810*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3ae890*=3, plFlavor=0x3ae88c*=64) returned 0x0 [0038.864] IWbemClassObject:Get (in: This=0x1050218, wszName="__PATH", lFlags=0, pVal=0x3ae7f4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3ae878*=0, plFlavor=0x3ae874*=0 | out: pVal=0x3ae7f4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x3ae878*=8, plFlavor=0x3ae874*=64) returned 0x0 [0038.864] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0038.864] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0038.864] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320 [0038.864] SetEvent (hEvent=0x254) returned 1 [0038.864] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3ae7cc*=0x320, lpdwindex=0x3ae5ec | out: lpdwindex=0x3ae5ec) returned 0x0 [0038.867] CoGetContextToken (in: pToken=0x3ae698 | out: pToken=0x3ae698) returned 0x0 [0038.867] CoGetContextToken (in: pToken=0x3ae5f8 | out: pToken=0x3ae5f8) returned 0x0 [0038.867] WbemDefPath:IUnknown:QueryInterface (in: This=0x104ca30, riid=0x3ae6c8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3ae6c4 | out: ppvObject=0x3ae6c4*=0x104ca30) returned 0x0 [0038.867] WbemDefPath:IUnknown:AddRef (This=0x104ca30) returned 0x3 [0038.867] WbemDefPath:IUnknown:Release (This=0x104ca30) returned 0x2 [0038.867] WbemDefPath:IWbemPath:SetText (This=0x104ca30, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x0 [0038.867] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1040998, puCount=0x3ae84c | out: puCount=0x3ae84c*=0x2) returned 0x0 [0038.867] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae848*=0x0, pszText=0x0 | out: puBuffLength=0x3ae848*=0xf, pszText=0x0) returned 0x0 [0038.867] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae848*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ae848*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0038.868] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1040998, puCount=0x3ae840 | out: puCount=0x3ae840*=0x2) returned 0x0 [0038.868] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae83c*=0x0, pszText=0x0 | out: puBuffLength=0x3ae83c*=0xf, pszText=0x0) returned 0x0 [0038.868] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=4, puBuffLength=0x3ae83c*=0xf, pszText="00000000000000" | out: puBuffLength=0x3ae83c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0038.868] IWbemClassObject:Get (in: This=0x1050218, wszName="Name", lFlags=0, pVal=0x3ae83c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2833640*=0, plFlavor=0x2833644*=0 | out: pVal=0x3ae83c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2833640*=8, plFlavor=0x2833644*=32) returned 0x0 [0038.868] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0038.868] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0038.869] IWbemClassObject:Get (in: This=0x1050218, wszName="Name", lFlags=0, pVal=0x3ae844*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2833640*=8, plFlavor=0x2833644*=32 | out: pVal=0x3ae844*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2833640*=8, plFlavor=0x2833644*=32) returned 0x0 [0038.869] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0038.869] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0040.698] CoTaskMemAlloc (cb=0x20c) returned 0x825478 [0040.698] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x825478 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0040.702] CoTaskMemFree (pv=0x825478) [0040.703] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x3ae368, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0040.703] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", nBufferLength=0x105, lpBuffer=0x3ae400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", lpFilePart=0x0) returned 0x30 [0040.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ae860) returned 1 [0040.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bytes.file"), fInfoLevelId=0x0, lpFileInformation=0x3ae8dc | out: lpFileInformation=0x3ae8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0040.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ae85c) returned 1 [0040.716] GetCurrentProcess () returned 0xffffffff [0040.716] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae894 | out: TokenHandle=0x3ae894*=0x348) returned 1 [0040.722] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x3ae894 | out: TokenInformation=0x0, ReturnLength=0x3ae894) returned 0 [0040.722] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x824f08 [0040.722] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x824f08, TokenInformationLength=0x4, ReturnLength=0x3ae894 | out: TokenInformation=0x824f08, ReturnLength=0x3ae894) returned 1 [0040.725] LocalFree (hMem=0x824f08) returned 0x0 [0040.725] DuplicateTokenEx (in: hExistingToken=0x348, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x3ae89c | out: phNewToken=0x3ae89c*=0x344) returned 1 [0040.726] CheckTokenMembership (in: TokenHandle=0x344, SidToCheck=0x2834f68*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x3ae8ac | out: IsMember=0x3ae8ac) returned 1 [0040.726] CloseHandle (hObject=0x344) returned 1 [0040.730] GetCurrentProcess () returned 0xffffffff [0040.730] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae894 | out: TokenHandle=0x3ae894*=0x344) returned 1 [0040.730] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x3ae894 | out: TokenInformation=0x0, ReturnLength=0x3ae894) returned 0 [0040.730] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x824f08 [0040.730] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x824f08, TokenInformationLength=0x4, ReturnLength=0x3ae894 | out: TokenInformation=0x824f08, ReturnLength=0x3ae894) returned 1 [0040.730] LocalFree (hMem=0x824f08) returned 0x0 [0040.730] DuplicateTokenEx (in: hExistingToken=0x344, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x3ae89c | out: phNewToken=0x3ae89c*=0x34c) returned 1 [0040.730] CheckTokenMembership (in: TokenHandle=0x34c, SidToCheck=0x283546c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x3ae8ac | out: IsMember=0x3ae8ac) returned 1 [0040.730] CloseHandle (hObject=0x34c) returned 1 [0040.740] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae874 | out: phkResult=0x3ae874*=0x0) returned 0x2 [0040.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae838 | out: phkResult=0x3ae838*=0x0) returned 0x2 [0040.741] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x3ae834, lpdwDisposition=0x3ae8bc | out: phkResult=0x3ae834*=0x34c, lpdwDisposition=0x3ae8bc*=0x1) returned 0x0 [0040.743] RegQueryValueExW (in: hKey=0x34c, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x3ae890, lpData=0x0, lpcbData=0x3ae88c*=0x0 | out: lpType=0x3ae890*=0x0, lpData=0x0, lpcbData=0x3ae88c*=0x0) returned 0x2 [0040.745] RegSetValueExW (in: hKey=0x34c, lpValueName="TamperProtection", Reserved=0x0, dwType=0x4, lpData=0x3ae8ac*=0x0, cbData=0x4 | out: lpData=0x3ae8ac*=0x0) returned 0x0 [0040.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae874 | out: phkResult=0x3ae874*=0x0) returned 0x2 [0040.745] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae838 | out: phkResult=0x3ae838*=0x0) returned 0x2 [0040.745] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x3ae834, lpdwDisposition=0x3ae8bc | out: phkResult=0x3ae834*=0x350, lpdwDisposition=0x3ae8bc*=0x1) returned 0x0 [0040.747] RegQueryValueExW (in: hKey=0x350, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x3ae890, lpData=0x0, lpcbData=0x3ae88c*=0x0 | out: lpType=0x3ae890*=0x0, lpData=0x0, lpcbData=0x3ae88c*=0x0) returned 0x2 [0040.747] RegSetValueExW (in: hKey=0x350, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x3ae8ac*=0x1, cbData=0x4 | out: lpData=0x3ae8ac*=0x1) returned 0x0 [0040.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae874 | out: phkResult=0x3ae874*=0x0) returned 0x2 [0040.747] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae838 | out: phkResult=0x3ae838*=0x0) returned 0x2 [0040.747] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x3ae834, lpdwDisposition=0x3ae8bc | out: phkResult=0x3ae834*=0x354, lpdwDisposition=0x3ae8bc*=0x1) returned 0x0 [0040.748] RegQueryValueExW (in: hKey=0x354, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x3ae890, lpData=0x0, lpcbData=0x3ae88c*=0x0 | out: lpType=0x3ae890*=0x0, lpData=0x0, lpcbData=0x3ae88c*=0x0) returned 0x2 [0040.748] RegSetValueExW (in: hKey=0x354, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x3ae8ac*=0x1, cbData=0x4 | out: lpData=0x3ae8ac*=0x1) returned 0x0 [0040.748] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae874 | out: phkResult=0x3ae874*=0x358) returned 0x0 [0040.748] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x3ae8a8, lpData=0x0, lpcbData=0x3ae8a4*=0x0 | out: lpType=0x3ae8a8*=0x0, lpData=0x0, lpcbData=0x3ae8a4*=0x0) returned 0x2 [0040.748] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x3ae890, lpData=0x0, lpcbData=0x3ae88c*=0x0 | out: lpType=0x3ae890*=0x0, lpData=0x0, lpcbData=0x3ae88c*=0x0) returned 0x2 [0040.748] RegSetValueExW (in: hKey=0x358, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x3ae8ac*=0x1, cbData=0x4 | out: lpData=0x3ae8ac*=0x1) returned 0x0 [0040.749] RegCloseKey (hKey=0x358) returned 0x0 [0040.749] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3ae874 | out: phkResult=0x3ae874*=0x358) returned 0x0 [0040.750] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x3ae8a8, lpData=0x0, lpcbData=0x3ae8a4*=0x0 | out: lpType=0x3ae8a8*=0x0, lpData=0x0, lpcbData=0x3ae8a4*=0x0) returned 0x2 [0040.750] RegQueryValueExW (in: hKey=0x358, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x3ae890, lpData=0x0, lpcbData=0x3ae88c*=0x0 | out: lpType=0x3ae890*=0x0, lpData=0x0, lpcbData=0x3ae88c*=0x0) returned 0x2 [0040.750] RegSetValueExW (in: hKey=0x358, lpValueName="DisableScanOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x3ae8ac*=0x1, cbData=0x4 | out: lpData=0x3ae8ac*=0x1) returned 0x0 [0040.750] RegCloseKey (hKey=0x358) returned 0x0 [0041.290] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0041.290] CreatePipe (in: hReadPipe=0x3ae7b8, hWritePipe=0x3ae7b4, lpPipeAttributes=0x3ae738, nSize=0x0 | out: hReadPipe=0x3ae7b8*=0x35c, hWritePipe=0x3ae7b4*=0x360) returned 1 [0041.291] GetCurrentProcess () returned 0xffffffff [0041.291] GetCurrentProcess () returned 0xffffffff [0041.291] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x35c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3ae7bc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ae7bc*=0x364) returned 1 [0041.291] CloseHandle (hObject=0x35c) returned 1 [0041.292] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0041.292] CoTaskMemAlloc (cb=0x20e) returned 0x825478 [0041.292] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x825478 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0041.292] CoTaskMemFree (pv=0x825478) [0041.302] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x3ae6f4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x360, hStdError=0x0), lpProcessInformation=0x283716c | out: lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessInformation=0x283716c*(hProcess=0x368, hThread=0x35c, dwProcessId=0x670, dwThreadId=0x32c)) returned 1 [0041.319] CloseHandle (hObject=0x360) returned 1 [0041.451] GetFileType (hFile=0x364) returned 0x3 [0041.452] CloseHandle (hObject=0x35c) returned 1 [0041.479] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x4f, lpOverlapped=0x0) returned 1 [0050.179] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.181] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x4f, lpOverlapped=0x0) returned 1 [0050.346] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.355] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x3e, lpOverlapped=0x0) returned 1 [0050.377] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.386] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x11, lpOverlapped=0x0) returned 1 [0050.406] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.415] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x21, lpOverlapped=0x0) returned 1 [0050.435] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.444] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x4f, lpOverlapped=0x0) returned 1 [0050.464] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.473] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x19, lpOverlapped=0x0) returned 1 [0050.492] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.501] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x36, lpOverlapped=0x0) returned 1 [0050.521] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.529] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae874*=0x1, lpOverlapped=0x0) returned 1 [0050.549] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae864, lpOverlapped=0x0 | out: lpBuffer=0x2837dac*, lpNumberOfBytesRead=0x3ae864*=0x1, lpOverlapped=0x0) returned 1 [0050.558] ReadFile (in: hFile=0x364, lpBuffer=0x2837dac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae874, lpOverlapped=0x0 | out: lpBuffer=0x2837dac, lpNumberOfBytesRead=0x3ae874*=0x0, lpOverlapped=0x0) returned 0 [0050.850] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae3a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0050.850] GetFullPathNameW (in: lpFileName="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", nBufferLength=0x105, lpBuffer=0x3ae3a8, lpFilePart=0x0 | out: lpBuffer="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", lpFilePart=0x0) returned 0x29 [0050.851] GetCurrentProcessId () returned 0x5e0 [0050.854] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5e0) returned 0x35c [0050.860] EnumProcessModules (in: hProcess=0x35c, lphModule=0x283d75c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x283d75c, lpcbNeeded=0x3ae870) returned 1 [0050.862] GetModuleInformation (in: hProcess=0x35c, hModule=0x13e0000, lpmodinfo=0x283d89c, cb=0xc | out: lpmodinfo=0x283d89c*(lpBaseOfDll=0x13e0000, SizeOfImage=0x1a000, EntryPoint=0x13f40fe)) returned 1 [0050.862] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0050.862] GetModuleBaseNameW (in: hProcess=0x35c, hModule=0x13e0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0050.863] CoTaskMemFree (pv=0x8280a0) [0050.863] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0050.863] GetModuleFileNameExW (in: hProcess=0x35c, hModule=0x13e0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe")) returned 0x31 [0050.863] CoTaskMemFree (pv=0x8280a0) [0050.863] CloseHandle (hObject=0x35c) returned 1 [0050.863] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0050.864] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0051.865] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0052.879] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0053.894] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0054.907] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0055.924] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0056.935] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0057.949] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0058.963] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0059.977] SleepEx (dwMilliseconds=0x3e8, bAlertable=1) returned 0x0 [0061.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x403aa70, Length=0x20000, ResultLength=0x3ae878 | out: SystemInformation=0x403aa70, ResultLength=0x3ae878*=0xd3c0) returned 0x0 [0061.043] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x560) returned 0x1e8 [0061.043] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x285e1d0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x285e1d0, lpcbNeeded=0x3ae870) returned 1 [0061.045] GetModuleInformation (in: hProcess=0x1e8, hModule=0x13d0000, lpmodinfo=0x285e310, cb=0xc | out: lpmodinfo=0x285e310*(lpBaseOfDll=0x13d0000, SizeOfImage=0x17000, EntryPoint=0x13d14a1)) returned 1 [0061.045] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.045] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x13d0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="malesfritelevision.exe") returned 0x16 [0061.046] CoTaskMemFree (pv=0x7c1180) [0061.046] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.046] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x13d0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows NT\\malesfritelevision.exe" (normalized: "c:\\program files\\windows nt\\malesfritelevision.exe")) returned 0x32 [0061.046] CoTaskMemFree (pv=0x7c1180) [0061.046] CloseHandle (hObject=0x1e8) returned 1 [0061.046] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.047] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9fc) returned 0x1e8 [0061.047] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2860614, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2860614, lpcbNeeded=0x3ae870) returned 1 [0061.048] GetModuleInformation (in: hProcess=0x1e8, hModule=0x1220000, lpmodinfo=0x2860754, cb=0xc | out: lpmodinfo=0x2860754*(lpBaseOfDll=0x1220000, SizeOfImage=0x17000, EntryPoint=0x12214a1)) returned 1 [0061.048] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.048] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x1220000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="omnipos.exe") returned 0xb [0061.048] CoTaskMemFree (pv=0x7c1180) [0061.048] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.048] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x1220000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\omnipos.exe" (normalized: "c:\\program files\\uninstall information\\omnipos.exe")) returned 0x32 [0061.049] CoTaskMemFree (pv=0x7c1180) [0061.049] CloseHandle (hObject=0x1e8) returned 1 [0061.049] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7ac) returned 0x1e8 [0061.049] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2862a40, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2862a40, lpcbNeeded=0x3ae870) returned 1 [0061.050] GetModuleInformation (in: hProcess=0x1e8, hModule=0x870000, lpmodinfo=0x2862b80, cb=0xc | out: lpmodinfo=0x2862b80*(lpBaseOfDll=0x870000, SizeOfImage=0x17000, EntryPoint=0x8714a1)) returned 1 [0061.051] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.051] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x870000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="fling.exe") returned 0x9 [0061.051] CoTaskMemFree (pv=0x7c1180) [0061.051] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.051] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x870000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\fling.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\fling.exe")) returned 0x3a [0061.051] CoTaskMemFree (pv=0x7c1180) [0061.051] CloseHandle (hObject=0x1e8) returned 1 [0061.051] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.051] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7a8) returned 0x1e8 [0061.052] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2864e78, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2864e78, lpcbNeeded=0x3ae870) returned 1 [0061.053] GetModuleInformation (in: hProcess=0x1e8, hModule=0xa40000, lpmodinfo=0x2864fb8, cb=0xc | out: lpmodinfo=0x2864fb8*(lpBaseOfDll=0xa40000, SizeOfImage=0x17000, EntryPoint=0xa414a1)) returned 1 [0061.053] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.053] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xa40000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="defence.exe") returned 0xb [0061.053] CoTaskMemFree (pv=0x7c1180) [0061.053] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.053] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xa40000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\defence.exe" (normalized: "c:\\program files\\msbuild\\defence.exe")) returned 0x24 [0061.054] CoTaskMemFree (pv=0x7c1180) [0061.054] CloseHandle (hObject=0x1e8) returned 1 [0061.054] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.054] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x868) returned 0x1e8 [0061.054] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2867288, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2867288, lpcbNeeded=0x3ae870) returned 1 [0061.055] GetModuleInformation (in: hProcess=0x1e8, hModule=0x310000, lpmodinfo=0x28673c8, cb=0xc | out: lpmodinfo=0x28673c8*(lpBaseOfDll=0x310000, SizeOfImage=0x17000, EntryPoint=0x3114a1)) returned 1 [0061.055] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.055] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x310000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="pidgin.exe") returned 0xa [0061.055] CoTaskMemFree (pv=0x7c1180) [0061.055] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.055] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x310000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft SQL Server Compact Edition\\pidgin.exe" (normalized: "c:\\program files\\microsoft sql server compact edition\\pidgin.exe")) returned 0x40 [0061.056] CoTaskMemFree (pv=0x7c1180) [0061.056] CloseHandle (hObject=0x1e8) returned 1 [0061.056] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.056] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x92c) returned 0x1e8 [0061.056] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x28696d0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28696d0, lpcbNeeded=0x3ae870) returned 1 [0061.057] GetModuleInformation (in: hProcess=0x1e8, hModule=0x9e0000, lpmodinfo=0x2869810, cb=0xc | out: lpmodinfo=0x2869810*(lpBaseOfDll=0x9e0000, SizeOfImage=0x17000, EntryPoint=0x9e14a1)) returned 1 [0061.057] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.057] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x9e0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="yahoomessenger.exe") returned 0x12 [0061.057] CoTaskMemFree (pv=0x7c1180) [0061.057] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.058] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x9e0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\yahoomessenger.exe" (normalized: "c:\\program files\\windows portable devices\\yahoomessenger.exe")) returned 0x3c [0061.058] CoTaskMemFree (pv=0x7c1180) [0061.058] CloseHandle (hObject=0x1e8) returned 1 [0061.058] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.058] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x178) returned 0x1e8 [0061.058] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x286bb20, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x286bb20, lpcbNeeded=0x3ae870) returned 0 [0061.058] GetCurrentProcessId () returned 0x5e0 [0061.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e4 [0061.065] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.065] IsWow64Process (in: hProcess=0x1e8, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.096] CloseHandle (hObject=0x1e4) returned 1 [0061.096] CloseHandle (hObject=0x1e8) returned 1 [0061.096] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x23c) returned 0x1e8 [0061.096] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x286d0f0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x286d0f0, lpcbNeeded=0x3ae870) returned 1 [0061.097] GetModuleInformation (in: hProcess=0x1e8, hModule=0xe80000, lpmodinfo=0x286d230, cb=0xc | out: lpmodinfo=0x286d230*(lpBaseOfDll=0xe80000, SizeOfImage=0x17000, EntryPoint=0xe814a1)) returned 1 [0061.098] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.098] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xe80000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="diversity.exe") returned 0xd [0061.098] CoTaskMemFree (pv=0x7c1180) [0061.098] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.098] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xe80000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\diversity.exe" (normalized: "c:\\program files\\msbuild\\diversity.exe")) returned 0x26 [0061.098] CoTaskMemFree (pv=0x7c1180) [0061.098] CloseHandle (hObject=0x1e8) returned 1 [0061.098] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.098] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9ec) returned 0x1e8 [0061.099] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x286f508, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x286f508, lpcbNeeded=0x3ae870) returned 1 [0061.100] GetModuleInformation (in: hProcess=0x1e8, hModule=0x100000, lpmodinfo=0x286f648, cb=0xc | out: lpmodinfo=0x286f648*(lpBaseOfDll=0x100000, SizeOfImage=0x17000, EntryPoint=0x1014a1)) returned 1 [0061.100] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.100] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x100000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="mxslipstream.exe") returned 0x10 [0061.100] CoTaskMemFree (pv=0x7c1180) [0061.100] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.100] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x100000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\mxslipstream.exe" (normalized: "c:\\program files (x86)\\common files\\mxslipstream.exe")) returned 0x34 [0061.101] CoTaskMemFree (pv=0x7c1180) [0061.101] CloseHandle (hObject=0x1e8) returned 1 [0061.101] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.101] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x484) returned 0x1e8 [0061.101] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2871944, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2871944, lpcbNeeded=0x3ae870) returned 1 [0061.102] GetModuleInformation (in: hProcess=0x1e8, hModule=0xe20000, lpmodinfo=0x2871a84, cb=0xc | out: lpmodinfo=0x2871a84*(lpBaseOfDll=0xe20000, SizeOfImage=0x17000, EntryPoint=0xe214a1)) returned 1 [0061.103] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.103] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xe20000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="filezilla.exe") returned 0xd [0061.103] CoTaskMemFree (pv=0x7c1180) [0061.103] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.103] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xe20000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Google\\filezilla.exe" (normalized: "c:\\program files (x86)\\google\\filezilla.exe")) returned 0x2b [0061.103] CoTaskMemFree (pv=0x7c1180) [0061.103] CloseHandle (hObject=0x1e8) returned 1 [0061.103] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.103] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x184) returned 0x1e8 [0061.103] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2873d64, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2873d64, lpcbNeeded=0x3ae870) returned 0 [0061.104] GetCurrentProcessId () returned 0x5e0 [0061.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e4 [0061.104] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.104] IsWow64Process (in: hProcess=0x1e8, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.105] CloseHandle (hObject=0x1e4) returned 1 [0061.105] CloseHandle (hObject=0x1e8) returned 1 [0061.105] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x91c) returned 0x1e8 [0061.105] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x2873ff4, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2873ff4, lpcbNeeded=0x3ae870) returned 1 [0061.106] GetModuleInformation (in: hProcess=0x1e8, hModule=0x11c0000, lpmodinfo=0x2874134, cb=0xc | out: lpmodinfo=0x2874134*(lpBaseOfDll=0x11c0000, SizeOfImage=0x17000, EntryPoint=0x11c14a1)) returned 1 [0061.107] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.107] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x11c0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="winscp.exe") returned 0xa [0061.107] CoTaskMemFree (pv=0x7c1180) [0061.107] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.107] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x11c0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\winscp.exe" (normalized: "c:\\program files\\reference assemblies\\winscp.exe")) returned 0x30 [0061.107] CoTaskMemFree (pv=0x7c1180) [0061.107] CloseHandle (hObject=0x1e8) returned 1 [0061.107] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.108] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x790) returned 0x1e8 [0061.108] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x287641c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x287641c, lpcbNeeded=0x3ae870) returned 1 [0061.109] GetModuleInformation (in: hProcess=0x1e8, hModule=0x3f0000, lpmodinfo=0x287655c, cb=0xc | out: lpmodinfo=0x287655c*(lpBaseOfDll=0x3f0000, SizeOfImage=0x17000, EntryPoint=0x3f14a1)) returned 1 [0061.109] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.109] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x3f0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="defects.exe") returned 0xb [0061.109] CoTaskMemFree (pv=0x7c1180) [0061.109] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.109] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x3f0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\defects.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\defects.exe")) returned 0x3c [0061.110] CoTaskMemFree (pv=0x7c1180) [0061.110] CloseHandle (hObject=0x1e8) returned 1 [0061.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.110] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x854) returned 0x1e8 [0061.110] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x287885c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x287885c, lpcbNeeded=0x3ae870) returned 1 [0061.111] GetModuleInformation (in: hProcess=0x1e8, hModule=0xe10000, lpmodinfo=0x287899c, cb=0xc | out: lpmodinfo=0x287899c*(lpBaseOfDll=0xe10000, SizeOfImage=0x17000, EntryPoint=0xe114a1)) returned 1 [0061.111] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.111] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0xe10000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="outlook.exe") returned 0xb [0061.111] CoTaskMemFree (pv=0x8280a0) [0061.111] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.112] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0xe10000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\outlook.exe" (normalized: "c:\\program files (x86)\\windows media player\\outlook.exe")) returned 0x37 [0061.112] CoTaskMemFree (pv=0x8280a0) [0061.112] CloseHandle (hObject=0x1e8) returned 1 [0061.112] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.112] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3b4) returned 0x1e8 [0061.112] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x287ac90, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x287ac90, lpcbNeeded=0x3ae870) returned 1 [0061.113] GetModuleInformation (in: hProcess=0x1e8, hModule=0x3e0000, lpmodinfo=0x287add0, cb=0xc | out: lpmodinfo=0x287add0*(lpBaseOfDll=0x3e0000, SizeOfImage=0x17000, EntryPoint=0x3e14a1)) returned 1 [0061.113] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.113] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x3e0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="gmailnotifierpro.exe") returned 0x14 [0061.114] CoTaskMemFree (pv=0x8280a0) [0061.114] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.114] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x3e0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\gmailnotifierpro.exe" (normalized: "c:\\program files\\uninstall information\\gmailnotifierpro.exe")) returned 0x3b [0061.114] CoTaskMemFree (pv=0x8280a0) [0061.114] CloseHandle (hObject=0x1e8) returned 1 [0061.114] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.114] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x980) returned 0x1e8 [0061.114] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x287d0e0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x287d0e0, lpcbNeeded=0x3ae870) returned 1 [0061.115] GetModuleInformation (in: hProcess=0x1e8, hModule=0x2a0000, lpmodinfo=0x287d220, cb=0xc | out: lpmodinfo=0x287d220*(lpBaseOfDll=0x2a0000, SizeOfImage=0x17000, EntryPoint=0x2a14a1)) returned 1 [0061.116] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.116] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x2a0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="ccv_server.exe") returned 0xe [0061.116] CoTaskMemFree (pv=0x8280a0) [0061.116] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.116] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x2a0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Java\\ccv_server.exe" (normalized: "c:\\program files (x86)\\java\\ccv_server.exe")) returned 0x2a [0061.116] CoTaskMemFree (pv=0x8280a0) [0061.116] CloseHandle (hObject=0x1e8) returned 1 [0061.117] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.117] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x788) returned 0x1e8 [0061.117] EnumProcessModules (in: hProcess=0x1e8, lphModule=0x287f504, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x287f504, lpcbNeeded=0x3ae870) returned 1 [0061.118] GetModuleInformation (in: hProcess=0x1e8, hModule=0x2d0000, lpmodinfo=0x287f644, cb=0xc | out: lpmodinfo=0x287f644*(lpBaseOfDll=0x2d0000, SizeOfImage=0x17000, EntryPoint=0x2d14a1)) returned 1 [0061.118] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.118] GetModuleBaseNameW (in: hProcess=0x1e8, hModule=0x2d0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="scores.exe") returned 0xa [0061.118] CoTaskMemFree (pv=0x8280a0) [0061.118] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.118] GetModuleFileNameExW (in: hProcess=0x1e8, hModule=0x2d0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\scores.exe" (normalized: "c:\\program files (x86)\\internet explorer\\scores.exe")) returned 0x33 [0061.119] CoTaskMemFree (pv=0x8280a0) [0061.119] CloseHandle (hObject=0x1e8) returned 1 [0061.119] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.119] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3ac) returned 0x0 [0061.120] EnumProcesses (in: lpidProcess=0x2881930, cb=0x400, lpcbNeeded=0x3ae7e8 | out: lpidProcess=0x2881930, lpcbNeeded=0x3ae7e8) returned 1 [0061.126] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x3ae544, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0061.136] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x90c) returned 0x1e4 [0061.136] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28824c8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28824c8, lpcbNeeded=0x3ae870) returned 1 [0061.137] GetModuleInformation (in: hProcess=0x1e4, hModule=0x210000, lpmodinfo=0x2882608, cb=0xc | out: lpmodinfo=0x2882608*(lpBaseOfDll=0x210000, SizeOfImage=0x17000, EntryPoint=0x2114a1)) returned 1 [0061.137] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.137] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x210000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="whatsapp.exe") returned 0xc [0061.137] CoTaskMemFree (pv=0x8280a0) [0061.137] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.137] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x210000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Analysis Services\\whatsapp.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\whatsapp.exe")) returned 0x3f [0061.138] CoTaskMemFree (pv=0x8280a0) [0061.138] CloseHandle (hObject=0x1e4) returned 1 [0061.138] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.138] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x780) returned 0x1e4 [0061.138] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2884910, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2884910, lpcbNeeded=0x3ae870) returned 1 [0061.139] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1120000, lpmodinfo=0x2884a50, cb=0xc | out: lpmodinfo=0x2884a50*(lpBaseOfDll=0x1120000, SizeOfImage=0x17000, EntryPoint=0x11214a1)) returned 1 [0061.139] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.139] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1120000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="foxmailincmail.exe") returned 0x12 [0061.140] CoTaskMemFree (pv=0x8280a0) [0061.140] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.140] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1120000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\foxmailincmail.exe" (normalized: "c:\\program files\\internet explorer\\foxmailincmail.exe")) returned 0x35 [0061.140] CoTaskMemFree (pv=0x8280a0) [0061.140] CloseHandle (hObject=0x1e4) returned 1 [0061.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.140] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x844) returned 0x1e4 [0061.140] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2886d50, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2886d50, lpcbNeeded=0x3ae870) returned 1 [0061.141] GetModuleInformation (in: hProcess=0x1e4, hModule=0xa0000, lpmodinfo=0x2886e90, cb=0xc | out: lpmodinfo=0x2886e90*(lpBaseOfDll=0xa0000, SizeOfImage=0x17000, EntryPoint=0xa14a1)) returned 1 [0061.141] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.141] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xa0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="operamail.exe") returned 0xd [0061.142] CoTaskMemFree (pv=0x8280a0) [0061.142] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.142] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xa0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\operamail.exe" (normalized: "c:\\program files (x86)\\internet explorer\\operamail.exe")) returned 0x36 [0061.142] CoTaskMemFree (pv=0x8280a0) [0061.142] CloseHandle (hObject=0x1e4) returned 1 [0061.142] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.142] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x90) returned 0x1e4 [0061.142] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2889188, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2889188, lpcbNeeded=0x3ae870) returned 1 [0061.144] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1150000, lpmodinfo=0x28892c8, cb=0xc | out: lpmodinfo=0x28892c8*(lpBaseOfDll=0x1150000, SizeOfImage=0x17000, EntryPoint=0x11514a1)) returned 1 [0061.144] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.144] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1150000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="perl_fabrics_excess.exe") returned 0x17 [0061.145] CoTaskMemFree (pv=0x8280a0) [0061.145] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.145] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1150000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\perl_fabrics_excess.exe" (normalized: "c:\\program files\\dvd maker\\perl_fabrics_excess.exe")) returned 0x32 [0061.145] CoTaskMemFree (pv=0x8280a0) [0061.145] CloseHandle (hObject=0x1e4) returned 1 [0061.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.145] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4bc) returned 0x1e4 [0061.145] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x288b5cc, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x288b5cc, lpcbNeeded=0x3ae870) returned 0 [0061.146] GetCurrentProcessId () returned 0x5e0 [0061.146] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.146] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.146] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.147] CloseHandle (hObject=0x1e0) returned 1 [0061.147] CloseHandle (hObject=0x1e4) returned 1 [0061.147] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x148) returned 0x1e4 [0061.147] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x288b85c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x288b85c, lpcbNeeded=0x3ae870) returned 0 [0061.147] GetCurrentProcessId () returned 0x5e0 [0061.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.147] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.147] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.148] CloseHandle (hObject=0x1e0) returned 1 [0061.148] CloseHandle (hObject=0x1e4) returned 1 [0061.148] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4c8) returned 0x1e4 [0061.149] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x288baec, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x288baec, lpcbNeeded=0x3ae870) returned 0 [0061.149] GetCurrentProcessId () returned 0x5e0 [0061.149] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.149] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.149] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.150] CloseHandle (hObject=0x1e0) returned 1 [0061.150] CloseHandle (hObject=0x1e4) returned 1 [0061.150] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8b8) returned 0x1e4 [0061.150] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x288bd7c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x288bd7c, lpcbNeeded=0x3ae870) returned 1 [0061.151] GetModuleInformation (in: hProcess=0x1e4, hModule=0x11c0000, lpmodinfo=0x288bebc, cb=0xc | out: lpmodinfo=0x288bebc*(lpBaseOfDll=0x11c0000, SizeOfImage=0x17000, EntryPoint=0x11c14a1)) returned 1 [0061.151] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.151] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x11c0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="smartftp.exe") returned 0xc [0061.152] CoTaskMemFree (pv=0x8280a0) [0061.152] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.152] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x11c0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\smartftp.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\smartftp.exe")) returned 0x31 [0061.152] CoTaskMemFree (pv=0x8280a0) [0061.152] CloseHandle (hObject=0x1e4) returned 1 [0061.152] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.152] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x834) returned 0x1e4 [0061.152] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x288e1a8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x288e1a8, lpcbNeeded=0x3ae870) returned 1 [0061.153] GetModuleInformation (in: hProcess=0x1e4, hModule=0xf50000, lpmodinfo=0x288e2e8, cb=0xc | out: lpmodinfo=0x288e2e8*(lpBaseOfDll=0xf50000, SizeOfImage=0x17000, EntryPoint=0xf514a1)) returned 1 [0061.154] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.154] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xf50000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="notepad.exe") returned 0xb [0061.154] CoTaskMemFree (pv=0x8280a0) [0061.154] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.154] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xf50000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Maintenance Service\\notepad.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\notepad.exe")) returned 0x3e [0061.154] CoTaskMemFree (pv=0x8280a0) [0061.154] CloseHandle (hObject=0x1e4) returned 1 [0061.154] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.154] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8f8) returned 0x1e4 [0061.155] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28905ec, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28905ec, lpcbNeeded=0x3ae870) returned 1 [0061.156] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1390000, lpmodinfo=0x289072c, cb=0xc | out: lpmodinfo=0x289072c*(lpBaseOfDll=0x1390000, SizeOfImage=0x17000, EntryPoint=0x13914a1)) returned 1 [0061.156] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.156] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1390000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="webdrive.exe") returned 0xc [0061.156] CoTaskMemFree (pv=0x8280a0) [0061.156] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.156] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1390000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\webdrive.exe" (normalized: "c:\\program files\\dvd maker\\webdrive.exe")) returned 0x27 [0061.157] CoTaskMemFree (pv=0x8280a0) [0061.157] CloseHandle (hObject=0x1e4) returned 1 [0061.157] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.157] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e4 [0061.157] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2892a04, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2892a04, lpcbNeeded=0x3ae870) returned 1 [0061.158] GetModuleInformation (in: hProcess=0x1e4, hModule=0x13e0000, lpmodinfo=0x2892b44, cb=0xc | out: lpmodinfo=0x2892b44*(lpBaseOfDll=0x13e0000, SizeOfImage=0x1a000, EntryPoint=0x13f40fe)) returned 1 [0061.158] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.158] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x13e0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0061.159] CoTaskMemFree (pv=0x8280a0) [0061.159] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.159] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x13e0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe")) returned 0x31 [0061.159] CoTaskMemFree (pv=0x8280a0) [0061.159] CloseHandle (hObject=0x1e4) returned 1 [0061.159] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.159] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9b8) returned 0x1e4 [0061.159] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2894e2c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2894e2c, lpcbNeeded=0x3ae870) returned 1 [0061.160] GetModuleInformation (in: hProcess=0x1e4, hModule=0xb90000, lpmodinfo=0x2894f6c, cb=0xc | out: lpmodinfo=0x2894f6c*(lpBaseOfDll=0xb90000, SizeOfImage=0x17000, EntryPoint=0xb914a1)) returned 1 [0061.160] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.160] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xb90000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="edcsvr.exe") returned 0xa [0061.161] CoTaskMemFree (pv=0x8280a0) [0061.161] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.161] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xb90000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\edcsvr.exe" (normalized: "c:\\program files\\dvd maker\\edcsvr.exe")) returned 0x25 [0061.161] CoTaskMemFree (pv=0x8280a0) [0061.161] CloseHandle (hObject=0x1e4) returned 1 [0061.161] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.161] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x454) returned 0x1e4 [0061.161] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x289723c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x289723c, lpcbNeeded=0x3ae870) returned 0 [0061.161] GetCurrentProcessId () returned 0x5e0 [0061.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.161] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.162] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.163] CloseHandle (hObject=0x1e0) returned 1 [0061.163] CloseHandle (hObject=0x1e4) returned 1 [0061.163] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2c8) returned 0x1e4 [0061.163] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28974cc, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28974cc, lpcbNeeded=0x3ae870) returned 0 [0061.163] GetCurrentProcessId () returned 0x5e0 [0061.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.163] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.163] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.164] CloseHandle (hObject=0x1e0) returned 1 [0061.164] CloseHandle (hObject=0x1e4) returned 1 [0061.165] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x824) returned 0x1e4 [0061.165] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x289775c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x289775c, lpcbNeeded=0x3ae870) returned 1 [0061.166] GetModuleInformation (in: hProcess=0x1e4, hModule=0xa80000, lpmodinfo=0x289789c, cb=0xc | out: lpmodinfo=0x289789c*(lpBaseOfDll=0xa80000, SizeOfImage=0x17000, EntryPoint=0xa814a1)) returned 1 [0061.166] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.166] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xa80000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="ncftp.exe") returned 0x9 [0061.166] CoTaskMemFree (pv=0x8280a0) [0061.166] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.166] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xa80000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Analysis Services\\ncftp.exe" (normalized: "c:\\program files\\microsoft analysis services\\ncftp.exe")) returned 0x36 [0061.167] CoTaskMemFree (pv=0x8280a0) [0061.167] CloseHandle (hObject=0x1e4) returned 1 [0061.167] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.167] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e8) returned 0x1e4 [0061.167] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x2899b8c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x2899b8c, lpcbNeeded=0x3ae870) returned 1 [0061.168] GetModuleInformation (in: hProcess=0x1e4, hModule=0xee0000, lpmodinfo=0x2899ccc, cb=0xc | out: lpmodinfo=0x2899ccc*(lpBaseOfDll=0xee0000, SizeOfImage=0x17000, EntryPoint=0xee14a1)) returned 1 [0061.168] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.168] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xee0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="trillian.exe") returned 0xc [0061.168] CoTaskMemFree (pv=0x8280a0) [0061.168] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.168] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xee0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\trillian.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\trillian.exe")) returned 0x3d [0061.169] CoTaskMemFree (pv=0x8280a0) [0061.169] CloseHandle (hObject=0x1e4) returned 1 [0061.169] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.169] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9a8) returned 0x1e4 [0061.169] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x289bfd0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x289bfd0, lpcbNeeded=0x3ae870) returned 1 [0061.170] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1250000, lpmodinfo=0x289c110, cb=0xc | out: lpmodinfo=0x289c110*(lpBaseOfDll=0x1250000, SizeOfImage=0x17000, EntryPoint=0x12514a1)) returned 1 [0061.170] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.170] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1250000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="creditservice.exe") returned 0x11 [0061.171] CoTaskMemFree (pv=0x8280a0) [0061.171] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.171] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1250000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\creditservice.exe" (normalized: "c:\\program files (x86)\\windows media player\\creditservice.exe")) returned 0x3d [0061.171] CoTaskMemFree (pv=0x8280a0) [0061.171] CloseHandle (hObject=0x1e4) returned 1 [0061.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.171] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x444) returned 0x1e4 [0061.171] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x289e41c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x289e41c, lpcbNeeded=0x3ae870) returned 0 [0061.171] GetCurrentProcessId () returned 0x5e0 [0061.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.172] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.172] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.173] CloseHandle (hObject=0x1e0) returned 1 [0061.173] CloseHandle (hObject=0x1e4) returned 1 [0061.173] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa68) returned 0x1e4 [0061.173] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x289e6ac, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x289e6ac, lpcbNeeded=0x3ae870) returned 0 [0061.173] GetCurrentProcessId () returned 0x5e0 [0061.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.173] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.173] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.174] CloseHandle (hObject=0x1e0) returned 1 [0061.174] CloseHandle (hObject=0x1e4) returned 1 [0061.174] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a8) returned 0x1e4 [0061.174] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x289e93c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x289e93c, lpcbNeeded=0x3ae870) returned 1 [0061.175] GetModuleInformation (in: hProcess=0x1e4, hModule=0x870000, lpmodinfo=0x289ea7c, cb=0xc | out: lpmodinfo=0x289ea7c*(lpBaseOfDll=0x870000, SizeOfImage=0x17000, EntryPoint=0x8714a1)) returned 1 [0061.176] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.176] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x870000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="barca.exe") returned 0x9 [0061.176] CoTaskMemFree (pv=0x7c1180) [0061.176] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.176] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x870000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\barca.exe" (normalized: "c:\\program files (x86)\\windows nt\\barca.exe")) returned 0x2b [0061.176] CoTaskMemFree (pv=0x7c1180) [0061.176] CloseHandle (hObject=0x1e4) returned 1 [0061.176] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.176] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x814) returned 0x1e4 [0061.176] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28a0d54, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28a0d54, lpcbNeeded=0x3ae870) returned 1 [0061.178] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1280000, lpmodinfo=0x28a0e94, cb=0xc | out: lpmodinfo=0x28a0e94*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0061.193] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.193] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1280000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="leechftp.exe") returned 0xc [0061.194] CoTaskMemFree (pv=0x7c1180) [0061.194] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.194] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1280000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Java\\leechftp.exe" (normalized: "c:\\program files (x86)\\java\\leechftp.exe")) returned 0x28 [0061.194] CoTaskMemFree (pv=0x7c1180) [0061.194] CloseHandle (hObject=0x1e4) returned 1 [0061.194] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.195] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8d8) returned 0x1e4 [0061.195] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28a3170, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28a3170, lpcbNeeded=0x3ae870) returned 1 [0061.196] GetModuleInformation (in: hProcess=0x1e4, hModule=0x13c0000, lpmodinfo=0x28a32b0, cb=0xc | out: lpmodinfo=0x28a32b0*(lpBaseOfDll=0x13c0000, SizeOfImage=0x17000, EntryPoint=0x13c14a1)) returned 1 [0061.196] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.196] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x13c0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="totalcmd.exe") returned 0xc [0061.196] CoTaskMemFree (pv=0x7c1180) [0061.196] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.196] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x13c0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\totalcmd.exe" (normalized: "c:\\program files\\windows sidebar\\totalcmd.exe")) returned 0x2d [0061.197] CoTaskMemFree (pv=0x7c1180) [0061.197] CloseHandle (hObject=0x1e4) returned 1 [0061.197] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.197] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e8) returned 0x1e4 [0061.197] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28a5594, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28a5594, lpcbNeeded=0x3ae870) returned 0 [0061.197] GetCurrentProcessId () returned 0x5e0 [0061.197] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.197] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.197] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.198] CloseHandle (hObject=0x1e0) returned 1 [0061.198] CloseHandle (hObject=0x1e4) returned 1 [0061.198] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x370) returned 0x1e4 [0061.198] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28a5824, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28a5824, lpcbNeeded=0x3ae870) returned 0 [0061.198] GetCurrentProcessId () returned 0x5e0 [0061.199] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.199] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.199] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.200] CloseHandle (hObject=0x1e0) returned 1 [0061.200] CloseHandle (hObject=0x1e4) returned 1 [0061.200] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x434) returned 0x1e4 [0061.200] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28a5ab4, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28a5ab4, lpcbNeeded=0x3ae870) returned 1 [0061.201] GetModuleInformation (in: hProcess=0x1e4, hModule=0x840000, lpmodinfo=0x28a5bf4, cb=0xc | out: lpmodinfo=0x28a5bf4*(lpBaseOfDll=0x840000, SizeOfImage=0x17000, EntryPoint=0x8414a1)) returned 1 [0061.201] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.201] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x840000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="beginners-revenues.exe") returned 0x16 [0061.201] CoTaskMemFree (pv=0x7c1180) [0061.202] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.202] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x840000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\beginners-revenues.exe" (normalized: "c:\\program files\\internet explorer\\beginners-revenues.exe")) returned 0x39 [0061.202] CoTaskMemFree (pv=0x7c1180) [0061.202] CloseHandle (hObject=0x1e4) returned 1 [0061.202] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.203] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28a7f04, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28a7f04, lpcbNeeded=0x3ae870) returned 1 [0061.204] GetModuleInformation (in: hProcess=0x1e4, hModule=0xbd0000, lpmodinfo=0x28a8044, cb=0xc | out: lpmodinfo=0x28a8044*(lpBaseOfDll=0xbd0000, SizeOfImage=0x17000, EntryPoint=0xbd14a1)) returned 1 [0061.204] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.204] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xbd0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="evewallace.exe") returned 0xe [0061.204] CoTaskMemFree (pv=0x7c1180) [0061.204] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.204] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xbd0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\evewallace.exe" (normalized: "c:\\program files (x86)\\common files\\evewallace.exe")) returned 0x32 [0061.204] CoTaskMemFree (pv=0x7c1180) [0061.204] CloseHandle (hObject=0x1e4) returned 1 [0061.205] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.205] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28aa338, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28aa338, lpcbNeeded=0x3ae870) returned 1 [0061.206] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1100000, lpmodinfo=0x28aa478, cb=0xc | out: lpmodinfo=0x28aa478*(lpBaseOfDll=0x1100000, SizeOfImage=0x17000, EntryPoint=0x11014a1)) returned 1 [0061.206] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.206] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1100000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="centralcreditcard.exe") returned 0x15 [0061.206] CoTaskMemFree (pv=0x7c1180) [0061.206] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.206] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1100000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Photo Viewer\\centralcreditcard.exe" (normalized: "c:\\program files\\windows photo viewer\\centralcreditcard.exe")) returned 0x3b [0061.207] CoTaskMemFree (pv=0x7c1180) [0061.207] CloseHandle (hObject=0x1e4) returned 1 [0061.207] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.207] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28ac788, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28ac788, lpcbNeeded=0x3ae870) returned 0 [0061.208] CloseHandle (hObject=0x1e0) returned 1 [0061.208] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28aca18, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28aca18, lpcbNeeded=0x3ae870) returned 0 [0061.209] CloseHandle (hObject=0x1e0) returned 1 [0061.209] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28acca8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28acca8, lpcbNeeded=0x3ae870) returned 1 [0061.210] GetModuleInformation (in: hProcess=0x1e4, hModule=0xb40000, lpmodinfo=0x28acde8, cb=0xc | out: lpmodinfo=0x28acde8*(lpBaseOfDll=0xb40000, SizeOfImage=0x17000, EntryPoint=0xb414a1)) returned 1 [0061.210] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.210] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xb40000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="salt_protective_history.exe") returned 0x1b [0061.211] CoTaskMemFree (pv=0x7c1180) [0061.211] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.211] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xb40000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\salt_protective_history.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\salt_protective_history.exe")) returned 0x42 [0061.211] CoTaskMemFree (pv=0x7c1180) [0061.211] CloseHandle (hObject=0x1e4) returned 1 [0061.211] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.211] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28af114, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28af114, lpcbNeeded=0x3ae870) returned 1 [0061.212] GetModuleInformation (in: hProcess=0x1e4, hModule=0xf60000, lpmodinfo=0x28af254, cb=0xc | out: lpmodinfo=0x28af254*(lpBaseOfDll=0xf60000, SizeOfImage=0x17000, EntryPoint=0xf614a1)) returned 1 [0061.213] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.213] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xf60000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="icq.exe") returned 0x7 [0061.213] CoTaskMemFree (pv=0x7c1180) [0061.213] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.213] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xf60000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Maintenance Service\\icq.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\icq.exe")) returned 0x3a [0061.213] CoTaskMemFree (pv=0x7c1180) [0061.213] CloseHandle (hObject=0x1e4) returned 1 [0061.213] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.213] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28b1548, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28b1548, lpcbNeeded=0x3ae870) returned 1 [0061.214] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1290000, lpmodinfo=0x28b1688, cb=0xc | out: lpmodinfo=0x28b1688*(lpBaseOfDll=0x1290000, SizeOfImage=0x17000, EntryPoint=0x12914a1)) returned 1 [0061.215] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.215] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1290000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="thunderbird.exe") returned 0xf [0061.215] CoTaskMemFree (pv=0x7c1180) [0061.215] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.215] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1290000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\thunderbird.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\thunderbird.exe")) returned 0x3f [0061.216] CoTaskMemFree (pv=0x7c1180) [0061.216] CloseHandle (hObject=0x1e4) returned 1 [0061.216] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.216] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28b3994, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28b3994, lpcbNeeded=0x3ae870) returned 1 [0061.217] GetModuleInformation (in: hProcess=0x1e4, hModule=0xbe0000, lpmodinfo=0x28b3ad4, cb=0xc | out: lpmodinfo=0x28b3ad4*(lpBaseOfDll=0xbe0000, SizeOfImage=0x17000, EntryPoint=0xbe14a1)) returned 1 [0061.217] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.217] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xbe0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="independent.exe") returned 0xf [0061.217] CoTaskMemFree (pv=0x7c1180) [0061.217] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.217] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xbe0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\independent.exe" (normalized: "c:\\program files\\dvd maker\\independent.exe")) returned 0x2a [0061.218] CoTaskMemFree (pv=0x7c1180) [0061.218] CloseHandle (hObject=0x1e4) returned 1 [0061.218] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.218] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28b5db8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28b5db8, lpcbNeeded=0x3ae870) returned 0 [0061.219] CloseHandle (hObject=0x1e0) returned 1 [0061.219] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28b6048, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28b6048, lpcbNeeded=0x3ae870) returned 0 [0061.220] CloseHandle (hObject=0x1e0) returned 1 [0061.220] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28b62d8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28b62d8, lpcbNeeded=0x3ae870) returned 1 [0061.224] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1b0000, lpmodinfo=0x28b6418, cb=0xc | out: lpmodinfo=0x28b6418*(lpBaseOfDll=0x1b0000, SizeOfImage=0x17000, EntryPoint=0x1b14a1)) returned 1 [0061.224] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.224] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1b0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="afr38.exe") returned 0x9 [0061.225] CoTaskMemFree (pv=0x7c1180) [0061.225] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.225] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1b0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\afr38.exe" (normalized: "c:\\program files\\internet explorer\\afr38.exe")) returned 0x2c [0061.225] CoTaskMemFree (pv=0x7c1180) [0061.225] CloseHandle (hObject=0x1e4) returned 1 [0061.225] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.225] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28b86f4, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28b86f4, lpcbNeeded=0x3ae870) returned 1 [0061.226] GetModuleInformation (in: hProcess=0x1e4, hModule=0xcc0000, lpmodinfo=0x28b8834, cb=0xc | out: lpmodinfo=0x28b8834*(lpBaseOfDll=0xcc0000, SizeOfImage=0x17000, EntryPoint=0xcc14a1)) returned 1 [0061.227] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.227] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xcc0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="flashfxp.exe") returned 0xc [0061.227] CoTaskMemFree (pv=0x7c1180) [0061.227] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.227] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xcc0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Analysis Services\\flashfxp.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\flashfxp.exe")) returned 0x3f [0061.227] CoTaskMemFree (pv=0x7c1180) [0061.227] CloseHandle (hObject=0x1e4) returned 1 [0061.227] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.227] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28bab3c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28bab3c, lpcbNeeded=0x3ae870) returned 1 [0061.228] GetModuleInformation (in: hProcess=0x1e4, hModule=0xb0000, lpmodinfo=0x28bac7c, cb=0xc | out: lpmodinfo=0x28bac7c*(lpBaseOfDll=0xb0000, SizeOfImage=0x17000, EntryPoint=0xb14a1)) returned 1 [0061.229] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.229] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xb0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="far.exe") returned 0x7 [0061.229] CoTaskMemFree (pv=0x7c1180) [0061.229] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.229] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xb0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\far.exe" (normalized: "c:\\program files\\common files\\far.exe")) returned 0x25 [0061.230] CoTaskMemFree (pv=0x7c1180) [0061.230] CloseHandle (hObject=0x1e4) returned 1 [0061.230] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.230] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28bcf44, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28bcf44, lpcbNeeded=0x3ae870) returned 1 [0061.231] GetModuleInformation (in: hProcess=0x1e4, hModule=0xde0000, lpmodinfo=0x28bd084, cb=0xc | out: lpmodinfo=0x28bd084*(lpBaseOfDll=0xde0000, SizeOfImage=0x17000, EntryPoint=0xde14a1)) returned 1 [0061.231] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.231] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xde0000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="absolutetelnet.exe") returned 0x12 [0061.231] CoTaskMemFree (pv=0x7c1180) [0061.231] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.231] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xde0000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Visual Studio 8\\absolutetelnet.exe" (normalized: "c:\\program files (x86)\\microsoft visual studio 8\\absolutetelnet.exe")) returned 0x43 [0061.232] CoTaskMemFree (pv=0x7c1180) [0061.232] CloseHandle (hObject=0x1e4) returned 1 [0061.232] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.232] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28bf3a0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28bf3a0, lpcbNeeded=0x3ae870) returned 0 [0061.233] CloseHandle (hObject=0x1e0) returned 1 [0061.233] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28bf630, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28bf630, lpcbNeeded=0x3ae870) returned 1 [0061.234] GetModuleInformation (in: hProcess=0x1e4, hModule=0x20000, lpmodinfo=0x28bf770, cb=0xc | out: lpmodinfo=0x28bf770*(lpBaseOfDll=0x20000, SizeOfImage=0x17000, EntryPoint=0x214a1)) returned 1 [0061.234] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.234] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x20000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="cope.exe") returned 0x8 [0061.235] CoTaskMemFree (pv=0x7c1180) [0061.235] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.235] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x20000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\cope.exe" (normalized: "c:\\program files (x86)\\windows media player\\cope.exe")) returned 0x34 [0061.235] CoTaskMemFree (pv=0x7c1180) [0061.235] CloseHandle (hObject=0x1e4) returned 1 [0061.235] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.235] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28c1a5c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28c1a5c, lpcbNeeded=0x3ae870) returned 1 [0061.236] GetModuleInformation (in: hProcess=0x1e4, hModule=0xf80000, lpmodinfo=0x28c1b9c, cb=0xc | out: lpmodinfo=0x28c1b9c*(lpBaseOfDll=0xf80000, SizeOfImage=0x17000, EntryPoint=0xf814a1)) returned 1 [0061.237] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.237] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xf80000, lpBaseName=0x7c1180, nSize=0x800 | out: lpBaseName="coreftp.exe") returned 0xb [0061.237] CoTaskMemFree (pv=0x7c1180) [0061.237] CoTaskMemAlloc (cb=0x804) returned 0x7c1180 [0061.237] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xf80000, lpFilename=0x7c1180, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Photo Viewer\\coreftp.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\coreftp.exe")) returned 0x37 [0061.237] CoTaskMemFree (pv=0x7c1180) [0061.237] CloseHandle (hObject=0x1e4) returned 1 [0061.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.238] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x418) returned 0x1e4 [0061.238] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28c3e90, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28c3e90, lpcbNeeded=0x3ae870) returned 1 [0061.239] GetModuleInformation (in: hProcess=0x1e4, hModule=0x310000, lpmodinfo=0x28c3fd0, cb=0xc | out: lpmodinfo=0x28c3fd0*(lpBaseOfDll=0x310000, SizeOfImage=0x17000, EntryPoint=0x3114a1)) returned 1 [0061.239] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.239] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x310000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="rg fujitsu schemes.exe") returned 0x16 [0061.239] CoTaskMemFree (pv=0x8280a0) [0061.239] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.239] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x310000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Sync Framework\\rg fujitsu schemes.exe" (normalized: "c:\\program files\\microsoft sync framework\\rg fujitsu schemes.exe")) returned 0x40 [0061.240] CoTaskMemFree (pv=0x8280a0) [0061.240] CloseHandle (hObject=0x1e4) returned 1 [0061.240] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.240] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x104) returned 0x1e4 [0061.240] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28c62f0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28c62f0, lpcbNeeded=0x3ae870) returned 0 [0061.241] GetCurrentProcessId () returned 0x5e0 [0061.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.241] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.241] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.242] CloseHandle (hObject=0x1e0) returned 1 [0061.242] CloseHandle (hObject=0x1e4) returned 1 [0061.242] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7ec) returned 0x1e4 [0061.242] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28c6580, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28c6580, lpcbNeeded=0x3ae870) returned 1 [0061.243] GetModuleInformation (in: hProcess=0x1e4, hModule=0xc20000, lpmodinfo=0x28c66c0, cb=0xc | out: lpmodinfo=0x28c66c0*(lpBaseOfDll=0xc20000, SizeOfImage=0x17000, EntryPoint=0xc214a1)) returned 1 [0061.243] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.243] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xc20000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="3dftp.exe") returned 0x9 [0061.243] CoTaskMemFree (pv=0x8280a0) [0061.244] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.244] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xc20000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\3dftp.exe" (normalized: "c:\\program files\\windows portable devices\\3dftp.exe")) returned 0x33 [0061.244] CoTaskMemFree (pv=0x8280a0) [0061.244] CloseHandle (hObject=0x1e4) returned 1 [0061.244] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.244] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x940) returned 0x1e4 [0061.244] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28c89a8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28c89a8, lpcbNeeded=0x3ae870) returned 1 [0061.245] GetModuleInformation (in: hProcess=0x1e4, hModule=0x13e0000, lpmodinfo=0x28c8ae8, cb=0xc | out: lpmodinfo=0x28c8ae8*(lpBaseOfDll=0x13e0000, SizeOfImage=0x17000, EntryPoint=0x13e14a1)) returned 1 [0061.245] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.245] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x13e0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="active-charge.exe") returned 0x11 [0061.246] CoTaskMemFree (pv=0x8280a0) [0061.246] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.246] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x13e0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\active-charge.exe" (normalized: "c:\\program files\\uninstall information\\active-charge.exe")) returned 0x38 [0061.246] CoTaskMemFree (pv=0x8280a0) [0061.246] CloseHandle (hObject=0x1e4) returned 1 [0061.246] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.246] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x970) returned 0x1e4 [0061.246] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28cadec, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28cadec, lpcbNeeded=0x3ae870) returned 1 [0061.247] GetModuleInformation (in: hProcess=0x1e4, hModule=0x340000, lpmodinfo=0x28caf2c, cb=0xc | out: lpmodinfo=0x28caf2c*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0061.247] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.247] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x340000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="aldelo.exe") returned 0xa [0061.248] CoTaskMemFree (pv=0x8280a0) [0061.248] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.248] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x340000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Java\\aldelo.exe" (normalized: "c:\\program files (x86)\\java\\aldelo.exe")) returned 0x26 [0061.248] CoTaskMemFree (pv=0x8280a0) [0061.248] CloseHandle (hObject=0x1e4) returned 1 [0061.248] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.248] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x71c) returned 0x1e4 [0061.248] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28cd200, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28cd200, lpcbNeeded=0x3ae870) returned 1 [0061.249] GetModuleInformation (in: hProcess=0x1e4, hModule=0xd30000, lpmodinfo=0x28cd340, cb=0xc | out: lpmodinfo=0x28cd340*(lpBaseOfDll=0xd30000, SizeOfImage=0x17000, EntryPoint=0xd314a1)) returned 1 [0061.250] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.250] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xd30000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="championsresponsible.exe") returned 0x18 [0061.250] CoTaskMemFree (pv=0x8280a0) [0061.250] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.250] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xd30000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\championsresponsible.exe" (normalized: "c:\\program files (x86)\\internet explorer\\championsresponsible.exe")) returned 0x41 [0061.250] CoTaskMemFree (pv=0x8280a0) [0061.250] CloseHandle (hObject=0x1e4) returned 1 [0061.250] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.250] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa2c) returned 0x1e4 [0061.250] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28cf664, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28cf664, lpcbNeeded=0x3ae870) returned 1 [0061.251] GetModuleInformation (in: hProcess=0x1e4, hModule=0x880000, lpmodinfo=0x28cf7a4, cb=0xc | out: lpmodinfo=0x28cf7a4*(lpBaseOfDll=0x880000, SizeOfImage=0x17000, EntryPoint=0x8814a1)) returned 1 [0061.252] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.252] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x880000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="utg2.exe") returned 0x8 [0061.252] CoTaskMemFree (pv=0x8280a0) [0061.252] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.252] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x880000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\utg2.exe" (normalized: "c:\\program files (x86)\\internet explorer\\utg2.exe")) returned 0x31 [0061.252] CoTaskMemFree (pv=0x8280a0) [0061.252] CloseHandle (hObject=0x1e4) returned 1 [0061.252] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.253] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7dc) returned 0x1e4 [0061.253] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d1a88, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d1a88, lpcbNeeded=0x3ae870) returned 1 [0061.254] GetModuleInformation (in: hProcess=0x1e4, hModule=0x11b0000, lpmodinfo=0x28d1bc8, cb=0xc | out: lpmodinfo=0x28d1bc8*(lpBaseOfDll=0x11b0000, SizeOfImage=0x17000, EntryPoint=0x11b14a1)) returned 1 [0061.254] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.254] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x11b0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="alftp.exe") returned 0x9 [0061.255] CoTaskMemFree (pv=0x8280a0) [0061.255] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.255] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x11b0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\alftp.exe" (normalized: "c:\\program files\\reference assemblies\\alftp.exe")) returned 0x2f [0061.255] CoTaskMemFree (pv=0x8280a0) [0061.255] CloseHandle (hObject=0x1e4) returned 1 [0061.255] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.255] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa94) returned 0x1e4 [0061.255] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d3ea8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d3ea8, lpcbNeeded=0x3ae870) returned 0 [0061.255] GetCurrentProcessId () returned 0x5e0 [0061.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.255] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.255] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.257] CloseHandle (hObject=0x1e0) returned 1 [0061.257] CloseHandle (hObject=0x1e4) returned 1 [0061.257] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x588) returned 0x1e4 [0061.257] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d4138, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d4138, lpcbNeeded=0x3ae870) returned 0 [0061.257] GetCurrentProcessId () returned 0x5e0 [0061.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.257] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.257] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.258] CloseHandle (hObject=0x1e0) returned 1 [0061.259] CloseHandle (hObject=0x1e4) returned 1 [0061.259] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x338) returned 0x1e4 [0061.259] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d43c8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d43c8, lpcbNeeded=0x3ae870) returned 0 [0061.259] GetCurrentProcessId () returned 0x5e0 [0061.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.259] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.259] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.261] CloseHandle (hObject=0x1e0) returned 1 [0061.261] CloseHandle (hObject=0x1e4) returned 1 [0061.261] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ac) returned 0x1e4 [0061.261] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d4658, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d4658, lpcbNeeded=0x3ae870) returned 0 [0061.261] GetCurrentProcessId () returned 0x5e0 [0061.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.261] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.262] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.262] CloseHandle (hObject=0x1e0) returned 1 [0061.263] CloseHandle (hObject=0x1e4) returned 1 [0061.263] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7d0) returned 0x1e4 [0061.263] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d48e8, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d48e8, lpcbNeeded=0x3ae870) returned 1 [0061.264] GetModuleInformation (in: hProcess=0x1e4, hModule=0xa0000, lpmodinfo=0x28d4a28, cb=0xc | out: lpmodinfo=0x28d4a28*(lpBaseOfDll=0xa0000, SizeOfImage=0x17000, EntryPoint=0xa14a1)) returned 1 [0061.264] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.264] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xa0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="appendix-sodium-begin.exe") returned 0x19 [0061.264] CoTaskMemFree (pv=0x8280a0) [0061.264] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.264] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xa0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\appendix-sodium-begin.exe" (normalized: "c:\\program files\\dvd maker\\appendix-sodium-begin.exe")) returned 0x34 [0061.265] CoTaskMemFree (pv=0x8280a0) [0061.265] CloseHandle (hObject=0x1e4) returned 1 [0061.265] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.265] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x894) returned 0x1e4 [0061.265] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d6d34, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d6d34, lpcbNeeded=0x3ae870) returned 1 [0061.266] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1140000, lpmodinfo=0x28d6e74, cb=0xc | out: lpmodinfo=0x28d6e74*(lpBaseOfDll=0x1140000, SizeOfImage=0x17000, EntryPoint=0x11414a1)) returned 1 [0061.266] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.266] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1140000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="skype.exe") returned 0x9 [0061.266] CoTaskMemFree (pv=0x8280a0) [0061.267] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.267] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1140000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Adobe\\skype.exe" (normalized: "c:\\program files (x86)\\adobe\\skype.exe")) returned 0x26 [0061.267] CoTaskMemFree (pv=0x8280a0) [0061.267] CloseHandle (hObject=0x1e4) returned 1 [0061.267] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.267] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa1c) returned 0x1e4 [0061.267] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28d9144, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28d9144, lpcbNeeded=0x3ae870) returned 1 [0061.268] GetModuleInformation (in: hProcess=0x1e4, hModule=0xc0000, lpmodinfo=0x28d9284, cb=0xc | out: lpmodinfo=0x28d9284*(lpBaseOfDll=0xc0000, SizeOfImage=0x17000, EntryPoint=0xc14a1)) returned 1 [0061.268] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.268] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xc0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="spgagentservice.exe") returned 0x13 [0061.269] CoTaskMemFree (pv=0x8280a0) [0061.269] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.269] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xc0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\spgagentservice.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\spgagentservice.exe")) returned 0x3a [0061.269] CoTaskMemFree (pv=0x8280a0) [0061.269] CloseHandle (hObject=0x1e4) returned 1 [0061.269] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.269] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9cc) returned 0x1e4 [0061.269] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28db590, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28db590, lpcbNeeded=0x3ae870) returned 1 [0061.270] GetModuleInformation (in: hProcess=0x1e4, hModule=0xbc0000, lpmodinfo=0x28db6d0, cb=0xc | out: lpmodinfo=0x28db6d0*(lpBaseOfDll=0xbc0000, SizeOfImage=0x17000, EntryPoint=0xbc14a1)) returned 1 [0061.270] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.270] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xbc0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="fpos.exe") returned 0x8 [0061.271] CoTaskMemFree (pv=0x8280a0) [0061.271] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.271] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xbc0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft SQL Server Compact Edition\\fpos.exe" (normalized: "c:\\program files\\microsoft sql server compact edition\\fpos.exe")) returned 0x3e [0061.271] CoTaskMemFree (pv=0x8280a0) [0061.271] CloseHandle (hObject=0x1e4) returned 1 [0061.271] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.271] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x950) returned 0x1e4 [0061.271] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28dd9d0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28dd9d0, lpcbNeeded=0x3ae870) returned 1 [0061.272] GetModuleInformation (in: hProcess=0x1e4, hModule=0x900000, lpmodinfo=0x28ddb10, cb=0xc | out: lpmodinfo=0x28ddb10*(lpBaseOfDll=0x900000, SizeOfImage=0x17000, EntryPoint=0x9014a1)) returned 1 [0061.273] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.273] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x900000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="accupos.exe") returned 0xb [0061.273] CoTaskMemFree (pv=0x8280a0) [0061.273] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.273] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x900000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\accupos.exe" (normalized: "c:\\program files\\windows journal\\accupos.exe")) returned 0x2c [0061.273] CoTaskMemFree (pv=0x8280a0) [0061.273] CloseHandle (hObject=0x1e4) returned 1 [0061.273] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.273] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9dc) returned 0x1e4 [0061.274] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28dfdf0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28dfdf0, lpcbNeeded=0x3ae870) returned 1 [0061.275] GetModuleInformation (in: hProcess=0x1e4, hModule=0x1350000, lpmodinfo=0x28dff30, cb=0xc | out: lpmodinfo=0x28dff30*(lpBaseOfDll=0x1350000, SizeOfImage=0x17000, EntryPoint=0x13514a1)) returned 1 [0061.275] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.275] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x1350000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="isspos.exe") returned 0xa [0061.275] CoTaskMemFree (pv=0x8280a0) [0061.275] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.275] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x1350000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\isspos.exe" (normalized: "c:\\program files\\windows media player\\isspos.exe")) returned 0x30 [0061.275] CoTaskMemFree (pv=0x8280a0) [0061.276] CloseHandle (hObject=0x1e4) returned 1 [0061.276] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.276] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6fc) returned 0x1e4 [0061.276] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28e2218, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28e2218, lpcbNeeded=0x3ae870) returned 1 [0061.277] GetModuleInformation (in: hProcess=0x1e4, hModule=0x20000, lpmodinfo=0x28e2358, cb=0xc | out: lpmodinfo=0x28e2358*(lpBaseOfDll=0x20000, SizeOfImage=0x17000, EntryPoint=0x214a1)) returned 1 [0061.277] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.277] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x20000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="thunder-sue.exe") returned 0xf [0061.278] CoTaskMemFree (pv=0x8280a0) [0061.278] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.278] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x20000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\thunder-sue.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\thunder-sue.exe")) returned 0x3b [0061.278] CoTaskMemFree (pv=0x8280a0) [0061.278] CloseHandle (hObject=0x1e4) returned 1 [0061.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.278] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x250) returned 0x1e4 [0061.278] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28e465c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28e465c, lpcbNeeded=0x3ae870) returned 0 [0061.279] GetCurrentProcessId () returned 0x5e0 [0061.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.279] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.279] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.280] CloseHandle (hObject=0x1e0) returned 1 [0061.280] CloseHandle (hObject=0x1e4) returned 1 [0061.280] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa0c) returned 0x1e4 [0061.280] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28e48ec, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28e48ec, lpcbNeeded=0x3ae870) returned 1 [0061.281] GetModuleInformation (in: hProcess=0x1e4, hModule=0xe00000, lpmodinfo=0x28e4a2c, cb=0xc | out: lpmodinfo=0x28e4a2c*(lpBaseOfDll=0xe00000, SizeOfImage=0x17000, EntryPoint=0xe014a1)) returned 1 [0061.281] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.281] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xe00000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="spcwin.exe") returned 0xa [0061.281] CoTaskMemFree (pv=0x8280a0) [0061.282] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.282] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xe00000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\spcwin.exe" (normalized: "c:\\program files (x86)\\windows mail\\spcwin.exe")) returned 0x2e [0061.282] CoTaskMemFree (pv=0x8280a0) [0061.282] CloseHandle (hObject=0x1e4) returned 1 [0061.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.282] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7bc) returned 0x1e4 [0061.282] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28e6d10, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28e6d10, lpcbNeeded=0x3ae870) returned 1 [0061.283] GetModuleInformation (in: hProcess=0x1e4, hModule=0x240000, lpmodinfo=0x28e6e50, cb=0xc | out: lpmodinfo=0x28e6e50*(lpBaseOfDll=0x240000, SizeOfImage=0x17000, EntryPoint=0x2414a1)) returned 1 [0061.283] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.283] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x240000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="merchandise-owner-great.exe") returned 0x1b [0061.284] CoTaskMemFree (pv=0x8280a0) [0061.284] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.284] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x240000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Photo Viewer\\merchandise-owner-great.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\merchandise-owner-great.exe")) returned 0x47 [0061.284] CoTaskMemFree (pv=0x8280a0) [0061.284] CloseHandle (hObject=0x1e4) returned 1 [0061.284] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.284] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x880) returned 0x1e4 [0061.284] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28e9184, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28e9184, lpcbNeeded=0x3ae870) returned 1 [0061.285] GetModuleInformation (in: hProcess=0x1e4, hModule=0x240000, lpmodinfo=0x28e92c4, cb=0xc | out: lpmodinfo=0x28e92c4*(lpBaseOfDll=0x240000, SizeOfImage=0x17000, EntryPoint=0x2414a1)) returned 1 [0061.286] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.286] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x240000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="scriptftp.exe") returned 0xd [0061.286] CoTaskMemFree (pv=0x8280a0) [0061.286] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.286] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x240000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\scriptftp.exe" (normalized: "c:\\program files (x86)\\windows mail\\scriptftp.exe")) returned 0x31 [0061.286] CoTaskMemFree (pv=0x8280a0) [0061.286] CloseHandle (hObject=0x1e4) returned 1 [0061.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.286] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x408) returned 0x1e4 [0061.286] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28eb5b0, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28eb5b0, lpcbNeeded=0x3ae870) returned 1 [0061.287] GetModuleInformation (in: hProcess=0x1e4, hModule=0x100000, lpmodinfo=0x28eb6f0, cb=0xc | out: lpmodinfo=0x28eb6f0*(lpBaseOfDll=0x100000, SizeOfImage=0x17000, EntryPoint=0x1014a1)) returned 1 [0061.288] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.288] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x100000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="stream_requests_invision.exe") returned 0x1c [0061.288] CoTaskMemFree (pv=0x8280a0) [0061.288] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.288] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x100000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\stream_requests_invision.exe" (normalized: "c:\\program files\\windows sidebar\\stream_requests_invision.exe")) returned 0x3d [0061.288] CoTaskMemFree (pv=0x8280a0) [0061.288] CloseHandle (hObject=0x1e4) returned 1 [0061.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.289] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7b8) returned 0x1e4 [0061.290] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28eda14, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28eda14, lpcbNeeded=0x3ae870) returned 1 [0061.291] GetModuleInformation (in: hProcess=0x1e4, hModule=0x13e0000, lpmodinfo=0x28edb54, cb=0xc | out: lpmodinfo=0x28edb54*(lpBaseOfDll=0x13e0000, SizeOfImage=0x17000, EntryPoint=0x13e14a1)) returned 1 [0061.292] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.292] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0x13e0000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="bitkinex.exe") returned 0xc [0061.292] CoTaskMemFree (pv=0x8280a0) [0061.292] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.292] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0x13e0000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\bitkinex.exe" (normalized: "c:\\program files\\windows portable devices\\bitkinex.exe")) returned 0x36 [0061.292] CoTaskMemFree (pv=0x8280a0) [0061.292] CloseHandle (hObject=0x1e4) returned 1 [0061.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.292] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb90) returned 0x1e4 [0061.293] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28efe4c, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28efe4c, lpcbNeeded=0x3ae870) returned 0 [0061.293] GetCurrentProcessId () returned 0x5e0 [0061.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.293] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.293] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.294] CloseHandle (hObject=0x1e0) returned 1 [0061.294] CloseHandle (hObject=0x1e4) returned 1 [0061.295] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc8) returned 0x1e4 [0061.295] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28f02d4, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28f02d4, lpcbNeeded=0x3ae870) returned 0 [0061.295] GetCurrentProcessId () returned 0x5e0 [0061.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e0) returned 0x1e0 [0061.295] IsWow64Process (in: hProcess=0x1e0, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.295] IsWow64Process (in: hProcess=0x1e4, Wow64Process=0x3ae7f0 | out: Wow64Process=0x3ae7f0) returned 1 [0061.296] CloseHandle (hObject=0x1e0) returned 1 [0061.296] CloseHandle (hObject=0x1e4) returned 1 [0061.297] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7b4) returned 0x1e4 [0061.297] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28f0564, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28f0564, lpcbNeeded=0x3ae870) returned 1 [0061.298] GetModuleInformation (in: hProcess=0x1e4, hModule=0xd20000, lpmodinfo=0x28f06a4, cb=0xc | out: lpmodinfo=0x28f06a4*(lpBaseOfDll=0xd20000, SizeOfImage=0x17000, EntryPoint=0xd214a1)) returned 1 [0061.298] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.298] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xd20000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="settings.exe") returned 0xc [0061.298] CoTaskMemFree (pv=0x8280a0) [0061.298] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.298] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xd20000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\settings.exe" (normalized: "c:\\program files\\reference assemblies\\settings.exe")) returned 0x32 [0061.299] CoTaskMemFree (pv=0x8280a0) [0061.299] CloseHandle (hObject=0x1e4) returned 1 [0061.299] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.299] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x564) returned 0x1e4 [0061.299] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x28f2994, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28f2994, lpcbNeeded=0x3ae870) returned 1 [0061.300] GetModuleInformation (in: hProcess=0x1e4, hModule=0xd10000, lpmodinfo=0x28f2ad4, cb=0xc | out: lpmodinfo=0x28f2ad4*(lpBaseOfDll=0xd10000, SizeOfImage=0x17000, EntryPoint=0xd114a1)) returned 1 [0061.300] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.301] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xd10000, lpBaseName=0x8280a0, nSize=0x800 | out: lpBaseName="salon-taxation-arabic.exe") returned 0x19 [0061.301] CoTaskMemFree (pv=0x8280a0) [0061.301] CoTaskMemAlloc (cb=0x804) returned 0x8280a0 [0061.301] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xd10000, lpFilename=0x8280a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\salon-taxation-arabic.exe" (normalized: "c:\\program files\\windows media player\\salon-taxation-arabic.exe")) returned 0x3f [0061.301] CoTaskMemFree (pv=0x8280a0) [0061.301] CloseHandle (hObject=0x1e4) returned 1 [0061.301] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.303] GetCurrentProcess () returned 0xffffffff [0061.303] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae840 | out: TokenHandle=0x3ae840*=0x1e4) returned 1 [0061.303] GetTokenInformation (in: TokenHandle=0x1e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x3ae840 | out: TokenInformation=0x0, ReturnLength=0x3ae840) returned 0 [0061.303] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x824f28 [0061.303] GetTokenInformation (in: TokenHandle=0x1e4, TokenInformationClass=0x8, TokenInformation=0x824f28, TokenInformationLength=0x4, ReturnLength=0x3ae840 | out: TokenInformation=0x824f28, ReturnLength=0x3ae840) returned 1 [0061.303] LocalFree (hMem=0x824f28) returned 0x0 [0061.304] DuplicateTokenEx (in: hExistingToken=0x1e4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x3ae848 | out: phNewToken=0x3ae848*=0x1e0) returned 1 [0061.304] CheckTokenMembership (in: TokenHandle=0x1e0, SidToCheck=0x28f50ac*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x3ae858 | out: IsMember=0x3ae858) returned 1 [0061.304] CloseHandle (hObject=0x1e0) returned 1 [0061.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.304] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0061.307] LocalAlloc (uFlags=0x0, uBytes=0xea) returned 0x7a6118 [0061.308] ShellExecuteExW (in: pExecInfo=0x28f56d8*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/create /f /sc ONLOGON /RL HIGHEST /tn \"'WinUpdt\"' /tr \"'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\"'", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x28f56d8*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/create /f /sc ONLOGON /RL HIGHEST /tn \"'WinUpdt\"' /tr \"'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\"'", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x404)) returned 1 [0064.161] LocalFree (hMem=0x81c908) returned 0x0 [0064.161] LocalFree (hMem=0x7a6118) returned 0x0 [0064.162] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.162] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ae80c) returned 1 [0064.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe"), fInfoLevelId=0x0, lpFileInformation=0x3ae888 | out: lpFileInformation=0x3ae888*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0064.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ae808) returned 1 [0064.163] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae32c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.164] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0064.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ae7b0) returned 1 [0064.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x418 [0064.166] GetFileType (hFile=0x418) returned 0x1 [0064.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ae7ac) returned 1 [0064.166] GetFileType (hFile=0x418) returned 0x1 [0064.166] GetCurrentProcessId () returned 0x5e0 [0064.166] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5e0) returned 0x414 [0064.166] EnumProcessModules (in: hProcess=0x414, lphModule=0x28f5d28, cb=0x100, lpcbNeeded=0x3ae870 | out: lphModule=0x28f5d28, lpcbNeeded=0x3ae870) returned 1 [0064.168] EnumProcessModules (in: hProcess=0x414, lphModule=0x28f5e34, cb=0x200, lpcbNeeded=0x3ae870 | out: lphModule=0x28f5e34, lpcbNeeded=0x3ae870) returned 1 [0064.169] GetModuleInformation (in: hProcess=0x414, hModule=0x13e0000, lpmodinfo=0x28f6074, cb=0xc | out: lpmodinfo=0x28f6074*(lpBaseOfDll=0x13e0000, SizeOfImage=0x1a000, EntryPoint=0x13f40fe)) returned 1 [0064.169] CoTaskMemAlloc (cb=0x804) returned 0x84ed20 [0064.169] GetModuleBaseNameW (in: hProcess=0x414, hModule=0x13e0000, lpBaseName=0x84ed20, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0064.169] CoTaskMemFree (pv=0x84ed20) [0064.169] CoTaskMemAlloc (cb=0x804) returned 0x84ed20 [0064.169] GetModuleFileNameExW (in: hProcess=0x414, hModule=0x13e0000, lpFilename=0x84ed20, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe")) returned 0x31 [0064.169] CoTaskMemFree (pv=0x84ed20) [0064.170] CloseHandle (hObject=0x414) returned 1 [0064.170] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3ae298, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe", lpFilePart=0x0) returned 0x31 [0064.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ae78c) returned 1 [0064.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\winupdt.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x414 [0064.170] GetFileType (hFile=0x414) returned 0x1 [0064.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ae788) returned 1 [0064.170] GetFileType (hFile=0x414) returned 0x1 [0064.170] GetFileSize (in: hFile=0x414, lpFileSizeHigh=0x3ae894 | out: lpFileSizeHigh=0x3ae894*=0x0) returned 0x13a00 [0064.171] ReadFile (in: hFile=0x414, lpBuffer=0x28f82a4, nNumberOfBytesToRead=0x13a00, lpNumberOfBytesRead=0x3ae840, lpOverlapped=0x0 | out: lpBuffer=0x28f82a4*, lpNumberOfBytesRead=0x3ae840*=0x13a00, lpOverlapped=0x0) returned 1 [0064.378] CloseHandle (hObject=0x414) returned 1 [0064.378] WriteFile (in: hFile=0x418, lpBuffer=0x28f82a4*, nNumberOfBytesToWrite=0x13a00, lpNumberOfBytesWritten=0x3ae878, lpOverlapped=0x0 | out: lpBuffer=0x28f82a4*, lpNumberOfBytesWritten=0x3ae878*=0x13a00, lpOverlapped=0x0) returned 1 [0065.922] WriteFile (in: hFile=0x418, lpBuffer=0x90b1018*, nNumberOfBytesToWrite=0x2e65a0c, lpNumberOfBytesWritten=0x3ae878, lpOverlapped=0x0 | out: lpBuffer=0x90b1018*, lpNumberOfBytesWritten=0x3ae878*=0x2e65a0c, lpOverlapped=0x0) returned 1 [0067.554] CloseHandle (hObject=0x418) returned 1 [0067.952] CoGetContextToken (in: pToken=0x3ae758 | out: pToken=0x3ae758) returned 0x0 [0067.952] IUnknown:QueryInterface (in: This=0x7bb2f8, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3ae77c | out: ppvObject=0x3ae77c*=0x7bb304) returned 0x0 [0067.952] IComThreadingInfo:GetCurrentThreadType (in: This=0x7bb304, pThreadType=0x3ae7dc | out: pThreadType=0x3ae7dc*=1) returned 0x0 [0067.952] IUnknown:Release (This=0x7bb304) returned 0x1 [0067.953] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x78d130*=0xa8, lpdwindex=0x3ae5fc | out: lpdwindex=0x3ae5fc) returned 0x0 [0067.992] CoGetContextToken (in: pToken=0x3adb6c | out: pToken=0x3adb6c) returned 0x0 [0067.992] CoGetContextToken (in: pToken=0x3adb2c | out: pToken=0x3adb2c) returned 0x0 [0067.992] WbemLocator:IUnknown:Release (This=0x81fdac) returned 0x1 [0067.992] IUnknown:Release (This=0x10501dc) returned 0x0 [0067.997] CoGetContextToken (in: pToken=0x3adbfc | out: pToken=0x3adbfc) returned 0x0 [0067.997] CoGetContextToken (in: pToken=0x3adbbc | out: pToken=0x3adbbc) returned 0x0 [0067.997] WbemLocator:IUnknown:Release (This=0x81fbcc) returned 0x1 [0067.997] IUnknown:Release (This=0x104d49c) returned 0x0 [0067.999] CoGetContextToken (in: pToken=0x3adbfc | out: pToken=0x3adbfc) returned 0x0 [0067.999] CoGetContextToken (in: pToken=0x3adbbc | out: pToken=0x3adbbc) returned 0x0 [0067.999] WbemLocator:IUnknown:Release (This=0x81c3a4) returned 0x1 [0067.999] IUnknown:Release (This=0x104d3d4) returned 0x0 [0068.029] CoGetContextToken (in: pToken=0x3adb6c | out: pToken=0x3adb6c) returned 0x0 [0068.029] CoGetContextToken (in: pToken=0x3adb54 | out: pToken=0x3adb54) returned 0x0 [0068.029] CoGetContextToken (in: pToken=0x3adae0 | out: pToken=0x3adae0) returned 0x0 [0068.029] IUnknown:Release (This=0x1050218) returned 0x1 [0068.029] IUnknown:Release (This=0x1050218) returned 0x0 [0068.029] CoGetContextToken (in: pToken=0x3adae0 | out: pToken=0x3adae0) returned 0x0 [0068.029] IUnknown:Release (This=0x104d4d8) returned 0x1 [0068.029] IUnknown:Release (This=0x104d4d8) returned 0x0 [0068.029] CoGetContextToken (in: pToken=0x3adae0 | out: pToken=0x3adae0) returned 0x0 [0068.029] WbemLocator:IUnknown:Release (This=0x81bf9c) returned 0x1 [0068.029] WbemLocator:IUnknown:Release (This=0x104ca1c) returned 0x0 Thread: id = 2 os_tid = 0x754 Thread: id = 3 os_tid = 0x620 [0028.843] CoGetContextToken (in: pToken=0xfdf6ac | out: pToken=0xfdf6ac) returned 0x800401f0 [0028.843] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0067.957] SetWindowLongW (hWnd=0x6011a, nIndex=-4, dwNewLong=2009540061) returned 12191822 [0067.959] SetClassLongW (hWnd=0x6011a, nIndex=-24, dwNewLong=2009540061) returned 0xba0826 [0067.959] PostMessageW (hWnd=0x6011a, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0067.959] SetWindowLongW (hWnd=0x3015c, nIndex=-4, dwNewLong=2009540061) returned 12192062 [0067.959] SetClassLongW (hWnd=0x3015c, nIndex=-24, dwNewLong=2009540061) returned 0x77c725dd [0067.959] PostMessageW (hWnd=0x3015c, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0067.959] SetWindowLongW (hWnd=0x3015e, nIndex=-4, dwNewLong=2009540061) returned 12192142 [0067.959] SetClassLongW (hWnd=0x3015e, nIndex=-24, dwNewLong=2009540061) returned 0xba0966 [0067.959] PostMessageW (hWnd=0x3015e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0067.960] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0067.960] UnregisterClassW (lpClassName="WindowsForms10.Window.0.app.0.141b42a_r14_ad1", hInstance=0x13e0000) returned 0 [0067.961] GetModuleHandleW (lpModuleName=0x0) returned 0x13e0000 [0067.961] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", hInstance=0x13e0000) returned 0 [0067.961] EtwEventUnregister () returned 0x0 [0067.966] IsWindow (hWnd=0x30162) returned 1 [0067.976] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77130000 [0067.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0xfdf44c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW|r*õ)³\x94 tÈöý", lpUsedDefaultChar=0x0) returned 14 [0067.976] GetProcAddress (hModule=0x77130000, lpProcName="DefWindowProcW") returned 0x77c725dd [0067.976] SetWindowLongW (hWnd=0x30162, nIndex=-4, dwNewLong=2009540061) returned 12191982 [0067.977] SetClassLongW (hWnd=0x30162, nIndex=-24, dwNewLong=2009540061) returned 0xba08ee [0067.977] IsWindow (hWnd=0x30162) returned 1 [0067.977] DestroyWindow (hWnd=0x30162) returned 0 [0067.977] PostMessageW (hWnd=0x30162, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0067.977] SetConsoleCtrlHandler (HandlerRoutine=0xba08c6, Add=0) returned 1 [0067.978] DeleteObject (ho=0xd080998) returned 1 [0067.989] CloseHandle (hObject=0x364) returned 1 [0067.990] IUnknown:Release (This=0x1050218) returned 0x2 [0067.991] CoGetContextToken (in: pToken=0xfdf4f0 | out: pToken=0xfdf4f0) returned 0x0 [0067.991] IUnknown:QueryInterface (in: This=0x7bb2f8, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xfdf498 | out: ppvObject=0xfdf498*=0x7bb308) returned 0x0 [0067.991] CObjectContext::ContextCallback () returned 0x0 [0067.996] IUnknown:Release (This=0x7bb308) returned 0x1 [0067.996] IUnknown:Release (This=0x104d4d8) returned 0x2 [0067.996] CoGetContextToken (in: pToken=0xfdf4f0 | out: pToken=0xfdf4f0) returned 0x0 [0067.996] IUnknown:QueryInterface (in: This=0x7bb2f8, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xfdf498 | out: ppvObject=0xfdf498*=0x7bb308) returned 0x0 [0067.997] CObjectContext::ContextCallback () returned 0x0 [0067.998] IUnknown:Release (This=0x7bb308) returned 0x1 [0067.998] CoGetContextToken (in: pToken=0xfdf500 | out: pToken=0xfdf500) returned 0x0 [0067.998] IUnknown:QueryInterface (in: This=0x7bb2f8, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xfdf4a8 | out: ppvObject=0xfdf4a8*=0x7bb308) returned 0x0 [0067.999] CObjectContext::ContextCallback () returned 0x0 [0068.001] IUnknown:Release (This=0x7bb308) returned 0x1 [0068.003] DestroyCursor (hCursor=0xd00dd) returned 1 [0068.003] GdipDeleteFont (font=0x6f52940) returned 0x0 [0068.004] DeleteObject (ho=0x260a07cf) returned 1 [0068.004] DestroyCursor (hCursor=0x301cd) returned 1 [0068.006] CloseHandle (hObject=0x210) returned 1 [0068.015] CloseHandle (hObject=0x1e4) returned 1 [0068.015] CloseHandle (hObject=0x360) returned 1 [0068.015] UnmapViewOfFile (lpBaseAddress=0x970000) returned 1 [0068.016] CloseHandle (hObject=0x368) returned 1 [0068.016] RegCloseKey (hKey=0x354) returned 0x0 [0068.017] RegCloseKey (hKey=0x350) returned 0x0 [0068.017] RegCloseKey (hKey=0x34c) returned 0x0 [0068.018] CloseHandle (hObject=0x344) returned 1 [0068.018] CloseHandle (hObject=0x348) returned 1 [0068.018] CloseHandle (hObject=0x320) returned 1 [0068.019] CloseHandle (hObject=0x2b4) returned 1 [0068.019] CloseHandle (hObject=0x250) returned 1 [0068.019] CloseHandle (hObject=0x24c) returned 1 [0068.020] CloseHandle (hObject=0x404) returned 1 [0068.021] RegCloseKey (hKey=0x80000004) returned 0x0 [0068.022] CoGetContextToken (in: pToken=0xfdf2e8 | out: pToken=0xfdf2e8) returned 0x0 [0068.022] CoGetContextToken (in: pToken=0xfdf270 | out: pToken=0xfdf270) returned 0x0 [0068.022] WbemDefPath:IUnknown:Release (This=0x1040998) returned 0x1 [0068.022] WbemDefPath:IUnknown:Release (This=0x1040998) returned 0x0 [0068.022] CoGetContextToken (in: pToken=0xfdf270 | out: pToken=0xfdf270) returned 0x0 [0068.022] WbemDefPath:IUnknown:Release (This=0x1040820) returned 0x1 [0068.022] WbemDefPath:IUnknown:Release (This=0x1040820) returned 0x0 [0068.022] CoGetContextToken (in: pToken=0xfdf270 | out: pToken=0xfdf270) returned 0x0 [0068.022] WbemDefPath:IUnknown:Release (This=0x104ca30) returned 0x1 [0068.023] WbemDefPath:IUnknown:Release (This=0x104ca30) returned 0x0 [0068.023] CoGetContextToken (in: pToken=0xfdf2e8 | out: pToken=0xfdf2e8) returned 0x0 [0068.023] CoGetContextToken (in: pToken=0xfdf270 | out: pToken=0xfdf270) returned 0x0 [0068.023] WbemLocator:IUnknown:Release (This=0x1040b30) returned 0x1 [0068.023] WbemLocator:IUnknown:Release (This=0x1040b30) returned 0x0 [0068.023] CoGetContextToken (in: pToken=0xfdf270 | out: pToken=0xfdf270) returned 0x0 [0068.023] WbemLocator:IUnknown:Release (This=0x811f0c) returned 0x1 [0068.023] WbemLocator:IUnknown:Release (This=0x104d334) returned 0x0 [0068.023] CoReleaseMarshalData (pStm=0x7f5c20) returned 0x0 [0068.028] IUnknown:Release (This=0x7bb468) returned 0x0 [0068.028] CoGetContextToken (in: pToken=0xfdf2e8 | out: pToken=0xfdf2e8) returned 0x0 [0068.028] IUnknown:QueryInterface (in: This=0x7bb2f8, riid=0x74aa3c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0xfdf290 | out: ppvObject=0xfdf290*=0x7bb308) returned 0x0 [0068.028] CObjectContext::ContextCallback () returned 0x0 [0068.030] IUnknown:Release (This=0x7bb308) returned 0x1 [0068.030] IUnknown:Release (This=0x7bb2f8) returned 0x0 [0068.030] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 4 os_tid = 0x688 Thread: id = 5 os_tid = 0x124 [0057.434] CoGetContextToken (in: pToken=0x4bef97c | out: pToken=0x4bef97c) returned 0x0 [0057.435] IUnknown:QueryInterface (in: This=0x7bb468, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4bef9a0 | out: ppvObject=0x4bef9a0*=0x7bb474) returned 0x0 [0057.435] IComThreadingInfo:GetCurrentThreadType (in: This=0x7bb474, pThreadType=0x4bef9cc | out: pThreadType=0x4bef9cc*=0) returned 0x0 [0057.435] IUnknown:Release (This=0x7bb474) returned 0x1 Thread: id = 6 os_tid = 0x9c4 Thread: id = 7 os_tid = 0x9d8 [0033.120] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0033.300] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x859f424 | out: lpiid=0x859f424) returned 0x0 [0033.302] CoGetClassObject (in: rclsid=0x7f647c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x859f138 | out: ppv=0x859f138*=0x1040810) returned 0x0 [0034.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040810, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x859f350 | out: ppvObject=0x859f350*=0x0) returned 0x80004002 [0034.064] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1040810, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859f364 | out: ppvObject=0x859f364*=0x1040820) returned 0x0 [0034.064] WbemDefPath:IUnknown:Release (This=0x1040810) returned 0x0 [0034.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040820, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859ef84 | out: ppvObject=0x859ef84*=0x1040820) returned 0x0 [0034.067] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040820, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x859ef40 | out: ppvObject=0x859ef40*=0x0) returned 0x80004002 [0034.067] WbemDefPath:IUnknown:AddRef (This=0x1040820) returned 0x3 [0034.067] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040820, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x859e89c | out: ppvObject=0x859e89c*=0x0) returned 0x80004002 [0034.067] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040820, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x859e84c | out: ppvObject=0x859e84c*=0x0) returned 0x80004002 [0034.067] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040820, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859e858 | out: ppvObject=0x859e858*=0x7ee488) returned 0x0 [0034.067] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ee488, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x859e860 | out: pCid=0x859e860*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0034.067] WbemDefPath:IUnknown:Release (This=0x7ee488) returned 0x3 [0034.067] CoGetContextToken (in: pToken=0x859e8b8 | out: pToken=0x859e8b8) returned 0x0 [0034.068] CoGetContextToken (in: pToken=0x859ecc0 | out: pToken=0x859ecc0) returned 0x0 [0034.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040820, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859ed50 | out: ppvObject=0x859ed50*=0x0) returned 0x80004002 [0034.068] WbemDefPath:IUnknown:Release (This=0x1040820) returned 0x2 [0034.068] WbemDefPath:IUnknown:Release (This=0x1040820) returned 0x1 [0034.069] SetEvent (hEvent=0x250) returned 1 [0034.077] CoGetClassObject (in: rclsid=0x7f647c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x859f138 | out: ppv=0x859f138*=0x10408f0) returned 0x0 [0034.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x10408f0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x859f350 | out: ppvObject=0x859f350*=0x0) returned 0x80004002 [0034.077] WbemDefPath:IClassFactory:CreateInstance (in: This=0x10408f0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859f364 | out: ppvObject=0x859f364*=0x1040998) returned 0x0 [0034.077] WbemDefPath:IUnknown:Release (This=0x10408f0) returned 0x0 [0034.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040998, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859ef84 | out: ppvObject=0x859ef84*=0x1040998) returned 0x0 [0034.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040998, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x859ef40 | out: ppvObject=0x859ef40*=0x0) returned 0x80004002 [0034.077] WbemDefPath:IUnknown:AddRef (This=0x1040998) returned 0x3 [0034.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040998, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x859e89c | out: ppvObject=0x859e89c*=0x0) returned 0x80004002 [0034.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040998, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x859e84c | out: ppvObject=0x859e84c*=0x0) returned 0x80004002 [0034.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040998, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859e858 | out: ppvObject=0x859e858*=0x7ee4b8) returned 0x0 [0034.077] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ee4b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x859e860 | out: pCid=0x859e860*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0034.077] WbemDefPath:IUnknown:Release (This=0x7ee4b8) returned 0x3 [0034.077] CoGetContextToken (in: pToken=0x859e8b8 | out: pToken=0x859e8b8) returned 0x0 [0034.078] CoGetContextToken (in: pToken=0x859ecc0 | out: pToken=0x859ecc0) returned 0x0 [0034.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040998, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859ed50 | out: ppvObject=0x859ed50*=0x0) returned 0x80004002 [0034.078] WbemDefPath:IUnknown:Release (This=0x1040998) returned 0x2 [0034.078] WbemDefPath:IUnknown:Release (This=0x1040998) returned 0x1 [0034.078] SetEvent (hEvent=0x2b4) returned 1 [0038.866] CoGetClassObject (in: rclsid=0x7f647c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x859f138 | out: ppv=0x859f138*=0x1040b40) returned 0x0 [0038.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x1040b40, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x859f350 | out: ppvObject=0x859f350*=0x0) returned 0x80004002 [0038.866] WbemDefPath:IClassFactory:CreateInstance (in: This=0x1040b40, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859f364 | out: ppvObject=0x859f364*=0x104ca30) returned 0x0 [0038.866] WbemDefPath:IUnknown:Release (This=0x1040b40) returned 0x0 [0038.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x104ca30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859ef84 | out: ppvObject=0x859ef84*=0x104ca30) returned 0x0 [0038.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x104ca30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x859ef40 | out: ppvObject=0x859ef40*=0x0) returned 0x80004002 [0038.866] WbemDefPath:IUnknown:AddRef (This=0x104ca30) returned 0x3 [0038.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x104ca30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x859e89c | out: ppvObject=0x859e89c*=0x0) returned 0x80004002 [0038.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x104ca30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x859e84c | out: ppvObject=0x859e84c*=0x0) returned 0x80004002 [0038.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x104ca30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859e858 | out: ppvObject=0x859e858*=0x7ee628) returned 0x0 [0038.866] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7ee628, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x859e860 | out: pCid=0x859e860*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0038.866] WbemDefPath:IUnknown:Release (This=0x7ee628) returned 0x3 [0038.866] CoGetContextToken (in: pToken=0x859e8b8 | out: pToken=0x859e8b8) returned 0x0 [0038.866] CoGetContextToken (in: pToken=0x859ecc0 | out: pToken=0x859ecc0) returned 0x0 [0038.866] WbemDefPath:IUnknown:QueryInterface (in: This=0x104ca30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x859ed50 | out: ppvObject=0x859ed50*=0x0) returned 0x80004002 [0038.867] WbemDefPath:IUnknown:Release (This=0x104ca30) returned 0x2 [0038.867] WbemDefPath:IUnknown:Release (This=0x104ca30) returned 0x1 [0038.867] SetEvent (hEvent=0x320) returned 1 Thread: id = 8 os_tid = 0x9e8 Thread: id = 9 os_tid = 0x9f8 Thread: id = 10 os_tid = 0xa08 Thread: id = 11 os_tid = 0xa18 [0034.083] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0034.083] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x8c2f75c | out: lpiid=0x8c2f75c) returned 0x0 [0034.084] CoGetClassObject (in: rclsid=0x7f64dc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8c2f470 | out: ppv=0x8c2f470*=0x1040928) returned 0x0 [0034.191] WbemLocator:IUnknown:QueryInterface (in: This=0x1040928, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8c2f688 | out: ppvObject=0x8c2f688*=0x0) returned 0x80004002 [0034.191] WbemLocator:IClassFactory:CreateInstance (in: This=0x1040928, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2f69c | out: ppvObject=0x8c2f69c*=0x1040b30) returned 0x0 [0034.191] WbemLocator:IUnknown:Release (This=0x1040928) returned 0x0 [0034.191] WbemLocator:IUnknown:QueryInterface (in: This=0x1040b30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2f2bc | out: ppvObject=0x8c2f2bc*=0x1040b30) returned 0x0 [0034.191] WbemLocator:IUnknown:QueryInterface (in: This=0x1040b30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8c2f278 | out: ppvObject=0x8c2f278*=0x0) returned 0x80004002 [0034.192] WbemLocator:IUnknown:AddRef (This=0x1040b30) returned 0x3 [0034.192] WbemLocator:IUnknown:QueryInterface (in: This=0x1040b30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8c2ebd4 | out: ppvObject=0x8c2ebd4*=0x0) returned 0x80004002 [0034.192] WbemLocator:IUnknown:QueryInterface (in: This=0x1040b30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8c2eb84 | out: ppvObject=0x8c2eb84*=0x0) returned 0x80004002 [0034.192] WbemLocator:IUnknown:QueryInterface (in: This=0x1040b30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2eb90 | out: ppvObject=0x8c2eb90*=0x0) returned 0x80004002 [0034.192] CoGetContextToken (in: pToken=0x8c2ebf0 | out: pToken=0x8c2ebf0) returned 0x0 [0034.193] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x80702c | out: ppv=0x80702c*=0x7bb468) returned 0x0 [0034.194] CoGetContextToken (in: pToken=0x8c2eff8 | out: pToken=0x8c2eff8) returned 0x0 [0034.194] WbemLocator:IUnknown:QueryInterface (in: This=0x1040b30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2f088 | out: ppvObject=0x8c2f088*=0x0) returned 0x80004002 [0034.194] WbemLocator:IUnknown:Release (This=0x1040b30) returned 0x2 [0034.194] WbemLocator:IUnknown:Release (This=0x1040b30) returned 0x1 [0034.195] CoGetContextToken (in: pToken=0x8c2f668 | out: pToken=0x8c2f668) returned 0x0 [0034.196] CoGetContextToken (in: pToken=0x8c2f5c8 | out: pToken=0x8c2f5c8) returned 0x0 [0034.196] WbemLocator:IUnknown:QueryInterface (in: This=0x1040b30, riid=0x8c2f698*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8c2f694 | out: ppvObject=0x8c2f694*=0x1040b30) returned 0x0 [0034.196] WbemLocator:IUnknown:AddRef (This=0x1040b30) returned 0x3 [0034.196] WbemLocator:IUnknown:Release (This=0x1040b30) returned 0x2 [0034.201] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x1040998, puCount=0x8c2f82c | out: puCount=0x8c2f82c*=0x2) returned 0x0 [0034.201] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=8, puBuffLength=0x8c2f828*=0x0, pszText=0x0 | out: puBuffLength=0x8c2f828*=0xf, pszText=0x0) returned 0x0 [0034.201] WbemDefPath:IWbemPath:GetText (in: This=0x1040998, lFlags=8, puBuffLength=0x8c2f828*=0xf, pszText="00000000000000" | out: puBuffLength=0x8c2f828*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0034.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x8c2eab0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0034.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x8c2efb0, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0034.207] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x741f0000 [0034.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x8c2efe4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 13 [0034.294] GetProcAddress (hModule=0x741f0000, lpProcName="ResetSecurity") returned 0x741f24de [0034.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x8c2efe4, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0034.304] GetProcAddress (hModule=0x741f0000, lpProcName="SetSecurity") returned 0x741f2520 [0034.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x8c2efe0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 18 [0034.311] GetProcAddress (hModule=0x741f0000, lpProcName="BlessIWbemServices") returned 0x741f1c69 [0034.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x8c2efd8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 24 [0034.334] GetProcAddress (hModule=0x741f0000, lpProcName="BlessIWbemServicesObject") returned 0x741f1cbb [0034.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x8c2efe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 17 [0034.354] GetProcAddress (hModule=0x741f0000, lpProcName="GetPropertyHandle") returned 0x741f21b4 [0034.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x8c2efe0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 18 [0034.364] GetProcAddress (hModule=0x741f0000, lpProcName="WritePropertyValue") returned 0x741f2617 [0034.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8c2efec, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 5 [0034.373] GetProcAddress (hModule=0x741f0000, lpProcName="Clone") returned 0x741f1d0d [0034.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x8c2efe0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0034.380] GetProcAddress (hModule=0x741f0000, lpProcName="VerifyClientKey") returned 0x741f25b4 [0034.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x8c2efe0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0034.384] GetProcAddress (hModule=0x741f0000, lpProcName="GetQualifierSet") returned 0x741f2215 [0034.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x8c2efec, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0034.385] GetProcAddress (hModule=0x741f0000, lpProcName="Get") returned 0x741f20d4 [0034.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x8c2efec, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0034.402] GetProcAddress (hModule=0x741f0000, lpProcName="Put") returned 0x741f22be [0034.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x8c2efec, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 6 [0034.415] GetProcAddress (hModule=0x741f0000, lpProcName="Delete") returned 0x741f1f31 [0034.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x8c2efe8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 8 [0034.423] GetProcAddress (hModule=0x741f0000, lpProcName="GetNames") returned 0x741f2182 [0034.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x8c2efe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 16 [0034.445] GetProcAddress (hModule=0x741f0000, lpProcName="BeginEnumeration") returned 0x741f1c43 [0034.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x8c2efec, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 4 [0034.451] GetProcAddress (hModule=0x741f0000, lpProcName="Next") returned 0x741f2283 [0034.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x8c2efe4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 14 [0034.464] GetProcAddress (hModule=0x741f0000, lpProcName="EndEnumeration") returned 0x741f1fc2 [0034.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x8c2efd8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0034.470] GetProcAddress (hModule=0x741f0000, lpProcName="GetPropertyQualifierSet") returned 0x741f21ff [0034.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8c2efec, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 5 [0034.479] GetProcAddress (hModule=0x741f0000, lpProcName="Clone") returned 0x741f1d0d [0034.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x8c2efe4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 13 [0034.479] GetProcAddress (hModule=0x741f0000, lpProcName="GetObjectText") returned 0x741f219e [0034.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x8c2efe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 17 [0034.489] GetProcAddress (hModule=0x741f0000, lpProcName="SpawnDerivedClass") returned 0x741f2566 [0034.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x8c2efe4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 13 [0034.496] GetProcAddress (hModule=0x741f0000, lpProcName="SpawnInstance") returned 0x741f257c [0034.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x8c2efe8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 9 [0034.497] GetProcAddress (hModule=0x741f0000, lpProcName="CompareTo") returned 0x741f1d8d [0034.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x8c2efe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 17 [0034.505] GetProcAddress (hModule=0x741f0000, lpProcName="GetPropertyOrigin") returned 0x741f21e9 [0034.516] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x8c2efe4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 12 [0034.516] GetProcAddress (hModule=0x741f0000, lpProcName="InheritsFrom") returned 0x741f2228 [0034.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x8c2efe8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 9 [0034.517] GetProcAddress (hModule=0x741f0000, lpProcName="GetMethod") returned 0x741f213a [0034.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x8c2efe8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 9 [0034.528] GetProcAddress (hModule=0x741f0000, lpProcName="PutMethod") returned 0x741f23da [0034.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x8c2efe4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 12 [0034.538] GetProcAddress (hModule=0x741f0000, lpProcName="DeleteMethod") returned 0x741f1f44 [0034.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x8c2efdc, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 22 [0034.539] GetProcAddress (hModule=0x741f0000, lpProcName="BeginMethodEnumeration") returned 0x741f1c56 [0034.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x8c2efe8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 10 [0034.540] GetProcAddress (hModule=0x741f0000, lpProcName="NextMethod") returned 0x741f22a2 [0034.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x8c2efdc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 20 [0034.551] GetProcAddress (hModule=0x741f0000, lpProcName="EndMethodEnumeration") returned 0x741f1fd2 [0034.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x8c2efdc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 21 [0034.553] GetProcAddress (hModule=0x741f0000, lpProcName="GetMethodQualifierSet") returned 0x741f216c [0034.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x8c2efe0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0034.554] GetProcAddress (hModule=0x741f0000, lpProcName="GetMethodOrigin") returned 0x741f2156 [0034.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x8c2efe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 16 [0034.555] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Get") returned 0x741f242c [0034.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x8c2efe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 16 [0034.574] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Put") returned 0x741f247a [0034.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x8c2efdc, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0034.587] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Delete") returned 0x741f2409 [0034.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x8c2efdc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 21 [0034.588] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_GetNames") returned 0x741f2448 [0034.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x8c2efd4, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 29 [0034.600] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x741f23f6 [0034.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x8c2efe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 17 [0034.602] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_Next") returned 0x741f245e [0034.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x8c2efd4, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0034.613] GetProcAddress (hModule=0x741f0000, lpProcName="QualifierSet_EndEnumeration") returned 0x741f241c [0034.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x8c2efd8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0034.614] GetProcAddress (hModule=0x741f0000, lpProcName="GetCurrentApartmentType") returned 0x741f2215 [0034.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x8c2efdc, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 20 [0034.620] GetProcAddress (hModule=0x741f0000, lpProcName="GetDemultiplexedStub") returned 0x741f20f3 [0034.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x8c2efdc, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 21 [0034.632] GetProcAddress (hModule=0x741f0000, lpProcName="CreateInstanceEnumWmi") returned 0x741f1ebb [0034.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x8c2efe0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 18 [0034.650] GetProcAddress (hModule=0x741f0000, lpProcName="CreateClassEnumWmi") returned 0x741f1e45 [0034.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x8c2efe4, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 12 [0034.651] GetProcAddress (hModule=0x741f0000, lpProcName="ExecQueryWmi") returned 0x741f205b [0034.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x8c2efe4, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0034.787] GetProcAddress (hModule=0x741f0000, lpProcName="PutClassWmi") returned 0x741f22da [0034.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x8c2efd8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 24 [0034.788] GetProcAddress (hModule=0x741f0000, lpProcName="CloneEnumWbemClassObject") returned 0x741f1d20 [0034.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x8c2efe0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1a\x1dq*õ)³\x94 t¨òÂ\x08", lpUsedDefaultChar=0x0) returned 16 [0034.816] GetProcAddress (hModule=0x741f0000, lpProcName="ConnectServerWmi") returned 0x741f1da3 [0034.839] CoCreateInstance (in: rclsid=0x741f1284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x741f12e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8c2f704 | out: ppv=0x8c2f704*=0x1040b40) returned 0x0 [0034.839] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1040b40, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8c2f798 | out: ppNamespace=0x8c2f798*=0x104d334) returned 0x0 [0038.757] WbemLocator:IUnknown:QueryInterface (in: This=0x104d334, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2f634 | out: ppvObject=0x8c2f634*=0x811eec) returned 0x0 [0038.757] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x811eec, pProxy=0x104d334, pAuthnSvc=0x8c2f684, pAuthzSvc=0x8c2f680, pServerPrincName=0x8c2f678, pAuthnLevel=0x8c2f67c, pImpLevel=0x8c2f66c, pAuthInfo=0x8c2f670, pCapabilites=0x8c2f674 | out: pAuthnSvc=0x8c2f684*=0xa, pAuthzSvc=0x8c2f680*=0x0, pServerPrincName=0x8c2f678, pAuthnLevel=0x8c2f67c*=0x6, pImpLevel=0x8c2f66c*=0x2, pAuthInfo=0x8c2f670, pCapabilites=0x8c2f674*=0x1) returned 0x0 [0038.757] WbemLocator:IUnknown:Release (This=0x811eec) returned 0x1 [0038.757] WbemLocator:IUnknown:QueryInterface (in: This=0x104d334, riid=0x741f10f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2f628 | out: ppvObject=0x8c2f628*=0x811f0c) returned 0x0 [0038.757] WbemLocator:IUnknown:QueryInterface (in: This=0x104d334, riid=0x741f1104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2f624 | out: ppvObject=0x8c2f624*=0x811eec) returned 0x0 [0038.757] WbemLocator:IClientSecurity:SetBlanket (This=0x811eec, pProxy=0x104d334, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0038.757] WbemLocator:IUnknown:Release (This=0x811eec) returned 0x2 [0038.757] WbemLocator:IUnknown:Release (This=0x811f0c) returned 0x1 [0038.757] CoTaskMemFree (pv=0x7a9bb8) [0038.757] WbemLocator:IUnknown:Release (This=0x1040b40) returned 0x0 [0038.757] WbemLocator:IUnknown:QueryInterface (in: This=0x104d334, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2f224 | out: ppvObject=0x8c2f224*=0x811f0c) returned 0x0 [0038.758] WbemLocator:IUnknown:QueryInterface (in: This=0x811f0c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8c2f1e0 | out: ppvObject=0x8c2f1e0*=0x0) returned 0x80004002 [0038.758] WbemLocator:IUnknown:QueryInterface (in: This=0x811f0c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8c2effc | out: ppvObject=0x8c2effc*=0x0) returned 0x80004002 [0038.758] WbemLocator:IUnknown:AddRef (This=0x811f0c) returned 0x3 [0038.758] WbemLocator:IUnknown:QueryInterface (in: This=0x811f0c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8c2eb3c | out: ppvObject=0x8c2eb3c*=0x0) returned 0x80004002 [0038.759] WbemLocator:IUnknown:QueryInterface (in: This=0x811f0c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8c2eaec | out: ppvObject=0x8c2eaec*=0x0) returned 0x80004002 [0038.759] WbemLocator:IUnknown:QueryInterface (in: This=0x811f0c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2eaf8 | out: ppvObject=0x8c2eaf8*=0x811e6c) returned 0x0 [0038.759] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x811e6c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8c2eb00 | out: pCid=0x8c2eb00*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0038.759] WbemLocator:IUnknown:Release (This=0x811e6c) returned 0x3 [0038.759] CoGetContextToken (in: pToken=0x8c2eb58 | out: pToken=0x8c2eb58) returned 0x0 [0038.759] CoGetContextToken (in: pToken=0x8c2ef60 | out: pToken=0x8c2ef60) returned 0x0 [0038.760] WbemLocator:IUnknown:QueryInterface (in: This=0x811f0c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8c2eff0 | out: ppvObject=0x8c2eff0*=0x811ef4) returned 0x0 [0038.760] WbemLocator:IRpcOptions:Query (in: This=0x811ef4, pPrx=0x811f0c, dwProperty=2, pdwValue=0x8c2f018 | out: pdwValue=0x8c2f018) returned 0x80004002 [0038.761] WbemLocator:IUnknown:Release (This=0x811ef4) returned 0x3 [0038.761] WbemLocator:IUnknown:Release (This=0x811f0c) returned 0x2 [0038.761] CoGetContextToken (in: pToken=0x8c2f538 | out: pToken=0x8c2f538) returned 0x0 [0038.761] CoGetContextToken (in: pToken=0x8c2f498 | out: pToken=0x8c2f498) returned 0x0 [0038.761] WbemLocator:IUnknown:QueryInterface (in: This=0x811f0c, riid=0x8c2f568*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8c2f564 | out: ppvObject=0x8c2f564*=0x104d334) returned 0x0 [0038.761] WbemLocator:IUnknown:AddRef (This=0x104d334) returned 0x4 [0038.761] WbemLocator:IUnknown:Release (This=0x104d334) returned 0x3 [0038.761] WbemLocator:IUnknown:Release (This=0x104d334) returned 0x2 [0038.768] SysStringLen (param_1=0x0) returned 0x0 [0038.768] CoUninitialize () Thread: id = 12 os_tid = 0xa38 Thread: id = 51 os_tid = 0x31c [0038.785] CoGetContextToken (in: pToken=0x8f0f648 | out: pToken=0x8f0f648) returned 0x0 [0038.786] CoGetContextToken (in: pToken=0x8f0f638 | out: pToken=0x8f0f638) returned 0x0 [0038.786] CoGetMarshalSizeMax (in: pulSize=0x8f0f5f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x811f0c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x8f0f5f4) returned 0x0 [0038.786] CoMarshalInterface (pStm=0x7f5c20, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x811f0c, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 74 os_tid = 0x51c Thread: id = 97 os_tid = 0x80c Thread: id = 106 os_tid = 0x89c Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 13 os_tid = 0x5d8 Thread: id = 14 os_tid = 0x320 Thread: id = 15 os_tid = 0x6cc Thread: id = 16 os_tid = 0x42c Thread: id = 17 os_tid = 0x1e4 Thread: id = 18 os_tid = 0x760 Thread: id = 19 os_tid = 0x75c Thread: id = 20 os_tid = 0x74c Thread: id = 21 os_tid = 0x710 Thread: id = 22 os_tid = 0x6e8 Thread: id = 23 os_tid = 0x6e0 Thread: id = 24 os_tid = 0x6d0 Thread: id = 25 os_tid = 0x6bc Thread: id = 26 os_tid = 0x6b8 Thread: id = 27 os_tid = 0x6b0 Thread: id = 28 os_tid = 0x6a8 Thread: id = 29 os_tid = 0x69c Thread: id = 30 os_tid = 0x698 Thread: id = 31 os_tid = 0x684 Thread: id = 32 os_tid = 0x678 Thread: id = 33 os_tid = 0x4a8 Thread: id = 34 os_tid = 0x46c Thread: id = 35 os_tid = 0x44c Thread: id = 36 os_tid = 0x424 Thread: id = 37 os_tid = 0x420 Thread: id = 38 os_tid = 0x41c Thread: id = 39 os_tid = 0x404 Thread: id = 40 os_tid = 0x14c Thread: id = 41 os_tid = 0x158 Thread: id = 42 os_tid = 0x3fc Thread: id = 43 os_tid = 0x3f4 Thread: id = 44 os_tid = 0x3e8 Thread: id = 45 os_tid = 0x39c Thread: id = 46 os_tid = 0x390 Thread: id = 47 os_tid = 0x38c Thread: id = 48 os_tid = 0x388 Thread: id = 49 os_tid = 0x37c Thread: id = 50 os_tid = 0x374 Thread: id = 69 os_tid = 0xa60 Thread: id = 70 os_tid = 0xa5c Thread: id = 71 os_tid = 0xa50 Thread: id = 72 os_tid = 0xa4c Thread: id = 73 os_tid = 0x25c Thread: id = 83 os_tid = 0x40c Thread: id = 84 os_tid = 0x7e0 Thread: id = 85 os_tid = 0x3d4 Thread: id = 86 os_tid = 0x7a0 Thread: id = 87 os_tid = 0x544 Thread: id = 88 os_tid = 0x360 Thread: id = 89 os_tid = 0x534 Thread: id = 90 os_tid = 0x57c Thread: id = 91 os_tid = 0x7d4 Thread: id = 92 os_tid = 0x364 Thread: id = 95 os_tid = 0x774 Thread: id = 96 os_tid = 0x70c Thread: id = 107 os_tid = 0x634 Thread: id = 108 os_tid = 0x810 Thread: id = 109 os_tid = 0x874 Thread: id = 110 os_tid = 0x820 Thread: id = 111 os_tid = 0x8b0 Thread: id = 112 os_tid = 0x830 Thread: id = 113 os_tid = 0x860 Thread: id = 114 os_tid = 0x700 Thread: id = 115 os_tid = 0x664 Thread: id = 116 os_tid = 0x9a0 Thread: id = 117 os_tid = 0xa50 Thread: id = 118 os_tid = 0xa5c Thread: id = 119 os_tid = 0xa60 Thread: id = 140 os_tid = 0x688 Thread: id = 141 os_tid = 0x9c4 Thread: id = 142 os_tid = 0x9d8 Thread: id = 143 os_tid = 0x9e8 Thread: id = 145 os_tid = 0x31c Thread: id = 146 os_tid = 0x89c Process: id = "3" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x6066b000" os_pid = "0xa94" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00040e15" [0xc000000f] Thread: id = 52 os_tid = 0xac0 Thread: id = 53 os_tid = 0xab4 Thread: id = 54 os_tid = 0xab0 Thread: id = 55 os_tid = 0xaac Thread: id = 56 os_tid = 0xaa8 Thread: id = 57 os_tid = 0xaa4 Thread: id = 58 os_tid = 0xaa0 Thread: id = 59 os_tid = 0xa9c Thread: id = 60 os_tid = 0xa98 Thread: id = 93 os_tid = 0x5b8 Thread: id = 144 os_tid = 0xa18 Thread: id = 149 os_tid = 0x40c Thread: id = 151 os_tid = 0xacc Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x61a66000" os_pid = "0xa68" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 61 os_tid = 0xa88 Thread: id = 62 os_tid = 0xa84 Thread: id = 63 os_tid = 0xa80 Thread: id = 64 os_tid = 0xa7c Thread: id = 65 os_tid = 0xa78 Thread: id = 66 os_tid = 0xa74 Thread: id = 67 os_tid = 0xa70 Thread: id = 68 os_tid = 0xa6c Thread: id = 94 os_tid = 0x6f4 Thread: id = 148 os_tid = 0x360 Thread: id = 152 os_tid = 0xac8 Process: id = "5" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x4ce62000" os_pid = "0x670" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x5e0" cmd_line = "\"powershell\" Get-MpPreference -verbose" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 75 os_tid = 0x32c [0042.947] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0043.216] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0043.216] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0043.216] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0043.216] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0043.946] GetVersionExW (in: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0043.946] GetLastError () returned 0x2 [0043.947] GetVersionExW (in: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0043.947] GetLastError () returned 0x2 [0043.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e7fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.953] GetLastError () returned 0x2 [0043.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e818, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0043.960] GetLastError () returned 0x2 [0043.960] GetVersionExW (in: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0043.960] GetLastError () returned 0x2 [0043.961] SetErrorMode (uMode=0x1) returned 0x1 [0043.962] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x29ec98 | out: lpFileInformation=0x29ec98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0043.962] GetLastError () returned 0x2 [0043.962] SetErrorMode (uMode=0x1) returned 0x1 [0043.966] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x29ed1c | out: lpdwHandle=0x29ed1c) returned 0x94c [0043.968] GetLastError () returned 0x0 [0043.969] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2be4d48 | out: lpData=0x2be4d48) returned 1 [0043.973] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29ece8, puLen=0x29ece4 | out: lplpBuffer=0x29ece8*=0x2be4de4, puLen=0x29ece4) returned 1 [0043.975] lstrlenW (lpString="䅁") returned 1 [0043.984] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be4ec0, puLen=0x29ec60) returned 1 [0043.985] lstrlenW (lpString="Microsoft Corporation") returned 21 [0043.986] lstrcpyW (in: lpString1=0x367700, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0043.986] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be4f14, puLen=0x29ec60) returned 1 [0043.986] lstrlenW (lpString="System.Management.Automation") returned 28 [0043.986] lstrcpyW (in: lpString1=0x367700, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0043.986] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be4f70, puLen=0x29ec60) returned 1 [0043.986] lstrlenW (lpString="6.1.7601.17514") returned 14 [0043.986] lstrcpyW (in: lpString1=0x367700, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0043.987] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be4fb0, puLen=0x29ec60) returned 1 [0043.987] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0043.987] lstrcpyW (in: lpString1=0x367700, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0043.987] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be5018, puLen=0x29ec60) returned 1 [0043.987] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0043.987] lstrcpyW (in: lpString1=0x367700, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0043.987] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be50b4, puLen=0x29ec60) returned 1 [0043.987] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0043.987] lstrcpyW (in: lpString1=0x367700, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0043.987] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be5118, puLen=0x29ec60) returned 1 [0043.987] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0043.987] lstrcpyW (in: lpString1=0x367700, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0043.987] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be5194, puLen=0x29ec60) returned 1 [0043.987] lstrlenW (lpString="6.1.7601.17514") returned 14 [0043.987] lstrcpyW (in: lpString1=0x367700, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0043.987] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x2be4e3c, puLen=0x29ec60) returned 1 [0043.987] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0043.987] lstrcpyW (in: lpString1=0x367700, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0043.988] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x0, puLen=0x29ec60) returned 0 [0043.988] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x0, puLen=0x29ec60) returned 0 [0043.988] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x29ec64, puLen=0x29ec60 | out: lplpBuffer=0x29ec64*=0x0, puLen=0x29ec60) returned 0 [0043.988] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29ec58, puLen=0x29ec54 | out: lplpBuffer=0x29ec58*=0x2be4de4, puLen=0x29ec54) returned 1 [0043.989] VerLanguageNameW (in: wLang=0x0, szLang=0x367700, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0043.992] VerQueryValueW (in: pBlock=0x2be4d48, lpSubBlock="\\", lplpBuffer=0x29ec6c, puLen=0x29ec68 | out: lplpBuffer=0x29ec6c*=0x2be4d70, puLen=0x29ec68) returned 1 [0044.000] GetCurrentProcessId () returned 0x670 [0044.030] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x29e4a4 | out: lpLuid=0x29e4a4*(LowPart=0x14, HighPart=0)) returned 1 [0044.032] GetLastError () returned 0x0 [0044.034] GetCurrentProcess () returned 0xffffffff [0044.034] GetLastError () returned 0x0 [0044.035] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x29e4a0 | out: TokenHandle=0x29e4a0*=0x310) returned 1 [0044.035] GetLastError () returned 0x0 [0044.038] AdjustTokenPrivileges (in: TokenHandle=0x310, DisableAllPrivileges=0, NewState=0x2be7888*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0044.038] GetLastError () returned 0x0 [0044.040] CloseHandle (hObject=0x310) returned 1 [0044.040] GetLastError () returned 0x0 [0044.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x670) returned 0x310 [0044.048] GetLastError () returned 0x0 [0044.058] EnumProcessModules (in: hProcess=0x310, lphModule=0x2be78cc, cb=0x100, lpcbNeeded=0x29ec94 | out: lphModule=0x2be78cc, lpcbNeeded=0x29ec94) returned 1 [0044.059] GetLastError () returned 0x0 [0044.063] GetModuleInformation (in: hProcess=0x310, hModule=0x21c50000, lpmodinfo=0x2be7a0c, cb=0xc | out: lpmodinfo=0x2be7a0c*(lpBaseOfDll=0x21c50000, SizeOfImage=0x72000, EntryPoint=0x21c57363)) returned 1 [0044.064] GetLastError () returned 0x0 [0044.066] GetModuleBaseNameW (in: hProcess=0x310, hModule=0x21c50000, lpBaseName=0x367ec0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0044.066] GetLastError () returned 0x0 [0044.067] GetModuleFileNameExW (in: hProcess=0x310, hModule=0x21c50000, lpFilename=0x367ec0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0044.067] GetLastError () returned 0x0 [0044.068] CloseHandle (hObject=0x310) returned 1 [0044.068] GetLastError () returned 0x0 [0044.071] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x670) returned 0x310 [0044.071] GetLastError () returned 0x0 [0044.073] GetExitCodeProcess (in: hProcess=0x310, lpExitCode=0x2be6ebc | out: lpExitCode=0x2be6ebc*=0x103) returned 1 [0044.073] GetLastError () returned 0x0 [0044.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3be5278, Length=0x20000, ResultLength=0x29ecdc | out: SystemInformation=0x3be5278, ResultLength=0x29ecdc*=0xd628) returned 0x0 [0044.157] EnumWindows (lpEnumFunc=0x29a3612, lParam=0x0) returned 1 [0044.160] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x538 [0044.160] GetLastError () returned 0x0 [0044.160] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.160] GetLastError () returned 0x0 [0044.160] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.161] GetLastError () returned 0x0 [0044.161] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.161] GetLastError () returned 0x0 [0044.161] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x514 [0044.161] GetLastError () returned 0x0 [0044.161] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.161] GetLastError () returned 0x0 [0044.161] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x778 [0044.161] GetLastError () returned 0x0 [0044.161] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x778 [0044.161] GetLastError () returned 0x0 [0044.161] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.161] GetLastError () returned 0x0 [0044.162] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.162] GetLastError () returned 0x0 [0044.162] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.162] GetLastError () returned 0x0 [0044.162] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.162] GetLastError () returned 0x0 [0044.162] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.162] GetLastError () returned 0x0 [0044.162] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.162] GetLastError () returned 0x0 [0044.162] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.162] GetLastError () returned 0x0 [0044.162] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.162] GetLastError () returned 0x0 [0044.163] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.163] GetLastError () returned 0x0 [0044.163] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x458 [0044.163] GetLastError () returned 0x0 [0044.163] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.163] GetLastError () returned 0x0 [0044.163] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.163] GetLastError () returned 0x0 [0044.163] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa40 [0044.163] GetLastError () returned 0x0 [0044.163] GetWindowThreadProcessId (in: hWnd=0x3015e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x410 [0044.163] GetLastError () returned 0x0 [0044.163] GetWindowThreadProcessId (in: hWnd=0x3015c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x410 [0044.163] GetLastError () returned 0x0 [0044.164] GetWindowThreadProcessId (in: hWnd=0x30162, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x410 [0044.164] GetLastError () returned 0x0 [0044.164] GetWindowThreadProcessId (in: hWnd=0x50116, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9c4 [0044.164] GetLastError () returned 0x0 [0044.164] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.164] GetLastError () returned 0x0 [0044.164] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.164] GetLastError () returned 0x0 [0044.164] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.164] GetLastError () returned 0x0 [0044.164] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.164] GetLastError () returned 0x0 [0044.164] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.164] GetLastError () returned 0x0 [0044.165] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.165] GetLastError () returned 0x0 [0044.165] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.165] GetLastError () returned 0x0 [0044.165] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.165] GetLastError () returned 0x0 [0044.165] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa30 [0044.165] GetLastError () returned 0x0 [0044.165] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa20 [0044.165] GetLastError () returned 0x0 [0044.165] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa10 [0044.165] GetLastError () returned 0x0 [0044.165] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa00 [0044.165] GetLastError () returned 0x0 [0044.166] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9f0 [0044.166] GetLastError () returned 0x0 [0044.166] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9e0 [0044.166] GetLastError () returned 0x0 [0044.166] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9d0 [0044.166] GetLastError () returned 0x0 [0044.166] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9bc [0044.166] GetLastError () returned 0x0 [0044.166] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9ac [0044.166] GetLastError () returned 0x0 [0044.166] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x998 [0044.166] GetLastError () returned 0x0 [0044.166] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x984 [0044.167] GetLastError () returned 0x0 [0044.167] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x974 [0044.167] GetLastError () returned 0x0 [0044.167] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x964 [0044.167] GetLastError () returned 0x0 [0044.167] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x954 [0044.167] GetLastError () returned 0x0 [0044.167] GetWindowThreadProcessId (in: hWnd=0x20222, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x944 [0044.167] GetLastError () returned 0x0 [0044.167] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x930 [0044.167] GetLastError () returned 0x0 [0044.167] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x920 [0044.167] GetLastError () returned 0x0 [0044.168] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x910 [0044.168] GetLastError () returned 0x0 [0044.168] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8fc [0044.168] GetLastError () returned 0x0 [0044.168] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8ec [0044.168] GetLastError () returned 0x0 [0044.168] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8dc [0044.168] GetLastError () returned 0x0 [0044.168] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8cc [0044.168] GetLastError () returned 0x0 [0044.168] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8bc [0044.168] GetLastError () returned 0x0 [0044.168] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x898 [0044.169] GetLastError () returned 0x0 [0044.169] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x884 [0044.169] GetLastError () returned 0x0 [0044.169] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x86c [0044.169] GetLastError () returned 0x0 [0044.169] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x858 [0044.169] GetLastError () returned 0x0 [0044.169] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x848 [0044.169] GetLastError () returned 0x0 [0044.169] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x838 [0044.169] GetLastError () returned 0x0 [0044.169] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x828 [0044.170] GetLastError () returned 0x0 [0044.170] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x818 [0044.170] GetLastError () returned 0x0 [0044.170] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x808 [0044.170] GetLastError () returned 0x0 [0044.170] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x5cc [0044.170] GetLastError () returned 0x0 [0044.170] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x798 [0044.170] GetLastError () returned 0x0 [0044.170] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x36c [0044.170] GetLastError () returned 0x0 [0044.170] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7f4 [0044.170] GetLastError () returned 0x0 [0044.171] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7c0 [0044.171] GetLastError () returned 0x0 [0044.171] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x208 [0044.171] GetLastError () returned 0x0 [0044.171] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7b0 [0044.171] GetLastError () returned 0x0 [0044.171] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xc0 [0044.171] GetLastError () returned 0x0 [0044.171] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x48c [0044.171] GetLastError () returned 0x0 [0044.171] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7e4 [0044.171] GetLastError () returned 0x0 [0044.171] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7c4 [0044.171] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x114 [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x308 [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x540 [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x79c [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x414 [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7e8 [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x1c0 [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7c8 [0044.172] GetLastError () returned 0x0 [0044.172] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x240 [0044.172] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x2c4 [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x604 [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x53c [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x180 [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x76c [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x340 [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xc4 [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x440 [0044.173] GetLastError () returned 0x0 [0044.173] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x6f0 [0044.173] GetLastError () returned 0x0 [0044.174] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x598 [0044.174] GetLastError () returned 0x0 [0044.174] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4f0 [0044.175] GetLastError () returned 0x0 [0044.175] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x514 [0044.175] GetLastError () returned 0x0 [0044.175] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x50c [0044.175] GetLastError () returned 0x0 [0044.175] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x514 [0044.175] GetLastError () returned 0x0 [0044.175] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x50c [0044.175] GetLastError () returned 0x0 [0044.175] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x514 [0044.175] GetLastError () returned 0x0 [0044.175] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4f0 [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4f0 [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x58c [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x578 [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x458 [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x530 [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x508 [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4f4 [0044.176] GetLastError () returned 0x0 [0044.176] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x794 [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x458 [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x458 [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x448 [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x778 [0044.177] GetLastError () returned 0x0 [0044.177] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x458 [0044.177] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x538 [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4ac [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa40 [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x301fe, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x410 [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x50114, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9c4 [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x1025c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa30 [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa20 [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa10 [0044.178] GetLastError () returned 0x0 [0044.178] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xa00 [0044.178] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9f0 [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9e0 [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9d0 [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9bc [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x9ac [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x998 [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x984 [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x974 [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x964 [0044.179] GetLastError () returned 0x0 [0044.179] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x954 [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x944 [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x930 [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x920 [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x910 [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8fc [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8ec [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8dc [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8cc [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x8bc [0044.180] GetLastError () returned 0x0 [0044.180] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x898 [0044.180] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x884 [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x86c [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x858 [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x848 [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x838 [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x828 [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x818 [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x808 [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x5cc [0044.181] GetLastError () returned 0x0 [0044.181] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x798 [0044.181] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x36c [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7f4 [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7c0 [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x208 [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7b0 [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xc0 [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x48c [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7e4 [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7c4 [0044.182] GetLastError () returned 0x0 [0044.182] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x114 [0044.182] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x308 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x540 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x79c [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x414 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7e8 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x1c0 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x7c8 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x240 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x2c4 [0044.183] GetLastError () returned 0x0 [0044.183] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x604 [0044.183] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x53c [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x180 [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x76c [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x340 [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0xc4 [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x440 [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x6f0 [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x40106, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x598 [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x50c [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x514 [0044.184] GetLastError () returned 0x0 [0044.184] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4f0 [0044.185] GetLastError () returned 0x0 [0044.185] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x58c [0044.185] GetLastError () returned 0x0 [0044.185] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x458 [0044.185] GetLastError () returned 0x0 [0044.185] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x4f4 [0044.185] GetLastError () returned 0x0 [0044.185] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x794 [0044.185] GetLastError () returned 0x0 [0044.185] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x458 [0044.185] GetLastError () returned 0x0 [0044.185] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x29e930 | out: lpdwProcessId=0x29e930) returned 0x778 [0044.185] GetLastError () returned 0x0 [0044.185] GetLastError () returned 0x0 [0044.188] WerSetFlags () returned 0x0 [0044.203] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0044.204] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x29ed0c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x29ed08 | out: pulNumLanguages=0x29ed0c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x29ed08) returned 1 [0044.205] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x29ed0c, pwszLanguagesBuffer=0x2c03238, pcchLanguagesBuffer=0x29ed08 | out: pulNumLanguages=0x29ed0c, pwszLanguagesBuffer=0x2c03238, pcchLanguagesBuffer=0x29ed08) returned 1 [0044.213] GetUserDefaultLocaleName (in: lpLocaleName=0x367700, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0044.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.238] GetLastError () returned 0xcb [0044.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.242] GetLastError () returned 0xcb [0044.244] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.244] GetLastError () returned 0xcb [0044.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.262] GetLastError () returned 0xcb [0044.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e798, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.262] GetLastError () returned 0xcb [0044.262] SetErrorMode (uMode=0x1) returned 0x1 [0044.262] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x29ec18 | out: lpFileInformation=0x29ec18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0044.262] GetLastError () returned 0xcb [0044.262] SetErrorMode (uMode=0x1) returned 0x1 [0044.262] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x29ec9c | out: lpdwHandle=0x29ec9c) returned 0x94c [0044.263] GetLastError () returned 0x0 [0044.263] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c05768 | out: lpData=0x2c05768) returned 1 [0044.264] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29ec68, puLen=0x29ec64 | out: lplpBuffer=0x29ec68*=0x2c05804, puLen=0x29ec64) returned 1 [0044.264] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c058e0, puLen=0x29ebe0) returned 1 [0044.264] lstrlenW (lpString="Microsoft Corporation") returned 21 [0044.264] lstrcpyW (in: lpString1=0x367700, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0044.264] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c05934, puLen=0x29ebe0) returned 1 [0044.264] lstrlenW (lpString="System.Management.Automation") returned 28 [0044.264] lstrcpyW (in: lpString1=0x367700, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0044.264] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c05990, puLen=0x29ebe0) returned 1 [0044.264] lstrlenW (lpString="6.1.7601.17514") returned 14 [0044.264] lstrcpyW (in: lpString1=0x367700, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0044.264] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c059d0, puLen=0x29ebe0) returned 1 [0044.264] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0044.264] lstrcpyW (in: lpString1=0x367700, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0044.264] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c05a38, puLen=0x29ebe0) returned 1 [0044.264] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0044.265] lstrcpyW (in: lpString1=0x367700, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c05ad4, puLen=0x29ebe0) returned 1 [0044.265] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0044.265] lstrcpyW (in: lpString1=0x367700, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c05b38, puLen=0x29ebe0) returned 1 [0044.265] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0044.265] lstrcpyW (in: lpString1=0x367700, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c05bb4, puLen=0x29ebe0) returned 1 [0044.265] lstrlenW (lpString="6.1.7601.17514") returned 14 [0044.265] lstrcpyW (in: lpString1=0x367700, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x2c0585c, puLen=0x29ebe0) returned 1 [0044.265] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0044.265] lstrcpyW (in: lpString1=0x367700, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x0, puLen=0x29ebe0) returned 0 [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x0, puLen=0x29ebe0) returned 0 [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x29ebe4, puLen=0x29ebe0 | out: lplpBuffer=0x29ebe4*=0x0, puLen=0x29ebe0) returned 0 [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x29ebd8, puLen=0x29ebd4 | out: lplpBuffer=0x29ebd8*=0x2c05804, puLen=0x29ebd4) returned 1 [0044.265] VerLanguageNameW (in: wLang=0x0, szLang=0x367700, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0044.265] VerQueryValueW (in: pBlock=0x2c05768, lpSubBlock="\\", lplpBuffer=0x29ebec, puLen=0x29ebe8 | out: lplpBuffer=0x29ebec*=0x2c05790, puLen=0x29ebe8) returned 1 [0044.272] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.272] GetLastError () returned 0xcb [0044.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.278] GetLastError () returned 0xcb [0044.282] lstrlenW (lpString="䅁") returned 1 [0044.285] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29ebb0 | out: phkResult=0x29ebb0*=0x328) returned 0x0 [0044.286] RegOpenKeyExW (in: hKey=0x328, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x29ebb4 | out: phkResult=0x29ebb4*=0x32c) returned 0x0 [0044.286] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29ebe8 | out: phkResult=0x29ebe8*=0x330) returned 0x0 [0044.287] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29ec28, lpData=0x0, lpcbData=0x29ec24*=0x0 | out: lpType=0x29ec28*=0x1, lpData=0x0, lpcbData=0x29ec24*=0x56) returned 0x0 [0044.289] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29ec28, lpData=0x367700, lpcbData=0x29ec24*=0x56 | out: lpType=0x29ec28*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29ec24*=0x56) returned 0x0 [0044.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.292] GetLastError () returned 0x0 [0044.294] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.294] GetLastError () returned 0x0 [0044.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.301] GetLastError () returned 0x0 [0044.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.315] GetLastError () returned 0xcb [0044.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0044.611] GetLastError () returned 0x2 [0044.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0044.612] GetLastError () returned 0x2 [0044.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.710] GetLastError () returned 0xcb [0044.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.711] GetLastError () returned 0xcb [0044.737] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.737] GetLastError () returned 0xcb [0044.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.738] GetLastError () returned 0xcb [0044.738] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.738] GetLastError () returned 0xcb [0044.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0044.899] GetLastError () returned 0x0 [0044.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0044.899] GetLastError () returned 0x0 [0044.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.931] GetLastError () returned 0xcb [0044.933] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0044.933] GetLastError () returned 0xcb [0044.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.983] GetLastError () returned 0x7e [0044.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0044.983] GetLastError () returned 0x7e [0045.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0045.420] GetLastError () returned 0x2 [0045.420] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0045.420] GetLastError () returned 0x2 [0045.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0045.492] GetLastError () returned 0x57 [0045.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0045.493] GetLastError () returned 0x57 [0045.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0045.599] GetLastError () returned 0x2 [0045.599] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0045.599] GetLastError () returned 0x2 [0045.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0045.732] GetLastError () returned 0x2 [0045.732] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e6f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0045.732] GetLastError () returned 0x2 [0045.775] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0045.776] GetLastError () returned 0xcb [0045.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0045.776] GetLastError () returned 0xcb [0045.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0045.776] GetLastError () returned 0xcb [0045.776] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0045.776] GetLastError () returned 0xcb [0045.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0045.789] GetLastError () returned 0xcb [0045.862] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x29e6fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0045.862] GetLastError () returned 0x2 [0045.862] SetErrorMode (uMode=0x1) returned 0x1 [0045.862] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x29eba4 | out: lpFileInformation=0x29eba4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0045.862] GetLastError () returned 0x2 [0045.862] SetErrorMode (uMode=0x1) returned 0x1 [0046.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.019] GetLastError () returned 0x0 [0046.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.019] GetLastError () returned 0x0 [0046.020] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.020] GetLastError () returned 0x0 [0046.025] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.025] GetLastError () returned 0xcb [0046.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.028] GetLastError () returned 0xcb [0046.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.028] GetLastError () returned 0xcb [0046.032] CoCreateGuid (in: pguid=0x29ec84 | out: pguid=0x29ec84*(Data1=0xbf62f035, Data2=0xefcd, Data3=0x4d53, Data4=([0]=0xbd, [1]=0x60, [2]=0xf2, [3]=0xbf, [4]=0xe0, [5]=0x93, [6]=0x6f, [7]=0x59))) returned 0x0 [0046.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.038] GetLastError () returned 0xcb [0046.040] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.040] GetLastError () returned 0xcb [0046.042] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.042] GetLastError () returned 0xcb [0046.050] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0046.051] GetLastError () returned 0x0 [0046.052] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x29eb64 | out: lpConsoleScreenBufferInfo=0x29eb64) returned 1 [0046.053] GetLastError () returned 0x0 [0046.057] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0046.057] GetLastError () returned 0x0 [0046.057] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x29eb64 | out: lpConsoleScreenBufferInfo=0x29eb64) returned 1 [0046.057] GetLastError () returned 0x0 [0046.058] GetVersionExW (in: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x367718*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0046.058] GetLastError () returned 0x0 [0046.059] GetCurrentProcess () returned 0xffffffff [0046.059] GetLastError () returned 0x3f0 [0046.060] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x29eb74 | out: TokenHandle=0x29eb74*=0x34c) returned 1 [0046.060] GetLastError () returned 0x3f0 [0046.063] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x29ebcc | out: TokenInformation=0x0, ReturnLength=0x29ebcc) returned 0 [0046.063] GetLastError () returned 0x7a [0046.064] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x378880 [0046.064] GetLastError () returned 0x7a [0046.064] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x378880, TokenInformationLength=0x4, ReturnLength=0x29ebcc | out: TokenInformation=0x378880, ReturnLength=0x29ebcc) returned 1 [0046.064] GetLastError () returned 0x7a [0046.067] DuplicateTokenEx (in: hExistingToken=0x34c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x29eb84 | out: phNewToken=0x29eb84*=0x344) returned 1 [0046.067] GetLastError () returned 0x7f [0046.067] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x29ebcc | out: TokenInformation=0x0, ReturnLength=0x29ebcc) returned 0 [0046.067] GetLastError () returned 0x7a [0046.067] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x378860 [0046.067] GetLastError () returned 0x7a [0046.067] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x378860, TokenInformationLength=0x4, ReturnLength=0x29ebcc | out: TokenInformation=0x378860, ReturnLength=0x29ebcc) returned 1 [0046.067] GetLastError () returned 0x7a [0046.068] CheckTokenMembership (in: TokenHandle=0x344, SidToCheck=0x2c885dc*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x29eb60 | out: IsMember=0x29eb60) returned 1 [0046.068] GetLastError () returned 0x7a [0046.068] CloseHandle (hObject=0x344) returned 1 [0046.068] GetLastError () returned 0x7a [0046.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.068] GetLastError () returned 0x7a [0046.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.068] GetLastError () returned 0x7a [0046.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.068] GetLastError () returned 0x7a [0046.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.068] GetLastError () returned 0x7a [0046.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e674, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.099] GetLastError () returned 0x7a [0046.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.099] GetLastError () returned 0x7a [0046.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e624, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.099] GetLastError () returned 0x7a [0046.110] GetConsoleTitleW (in: lpConsoleTitle=0x367ec0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0046.110] GetLastError () returned 0x7a [0046.134] GetConsoleTitleW (in: lpConsoleTitle=0x367ec0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0046.134] GetLastError () returned 0x7a [0046.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e66c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.134] GetLastError () returned 0x7a [0046.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.134] GetLastError () returned 0x7a [0046.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e61c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.134] GetLastError () returned 0x7a [0046.138] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1 [0046.139] GetLastError () returned 0x7a [0046.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.139] GetLastError () returned 0x7a [0046.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.139] GetLastError () returned 0x7a [0046.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.139] GetLastError () returned 0x7a [0046.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.139] GetLastError () returned 0x7a [0046.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.175] GetLastError () returned 0x7a [0046.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.175] GetLastError () returned 0x7a [0046.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.175] GetLastError () returned 0x7a [0046.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.175] GetLastError () returned 0x7a [0046.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.175] GetLastError () returned 0x7a [0046.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.176] GetLastError () returned 0x7a [0046.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e6b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.176] GetLastError () returned 0x7a [0046.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.176] GetLastError () returned 0x7a [0046.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.176] GetLastError () returned 0x7a [0046.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e668, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0046.176] GetLastError () returned 0x7a [0046.229] SetConsoleCtrlHandler (HandlerRoutine=0x29a384a, Add=1) returned 1 [0046.229] GetLastError () returned 0x7a [0046.249] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344 [0046.249] GetLastError () returned 0x0 [0046.251] CoCreateGuid (in: pguid=0x29eb98 | out: pguid=0x29eb98*(Data1=0x526f2ec7, Data2=0xe694, Data3=0x4380, Data4=([0]=0xaa, [1]=0x82, [2]=0x9a, [3]=0xd7, [4]=0x1d, [5]=0x3c, [6]=0x52, [7]=0x9d))) returned 0x0 [0046.285] WinSqmIsOptedIn () returned 0x0 [0046.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.286] GetLastError () returned 0xcb [0046.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.292] GetLastError () returned 0xcb [0046.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.293] GetLastError () returned 0xcb [0046.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.295] GetLastError () returned 0xcb [0046.296] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.296] GetLastError () returned 0xcb [0046.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.303] GetLastError () returned 0xcb [0046.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.303] GetLastError () returned 0xcb [0046.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.304] GetLastError () returned 0xcb [0046.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.306] GetLastError () returned 0xcb [0046.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.316] GetLastError () returned 0xcb [0046.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.318] GetLastError () returned 0xcb [0046.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.319] GetLastError () returned 0xcb [0046.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.633] GetLastError () returned 0xcb [0046.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.633] GetLastError () returned 0xcb [0046.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.633] GetLastError () returned 0xcb [0046.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.634] GetLastError () returned 0xcb [0046.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.686] GetLastError () returned 0x3 [0046.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.686] GetLastError () returned 0x3 [0046.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.686] GetLastError () returned 0x3 [0046.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.686] GetLastError () returned 0x3 [0046.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.686] GetLastError () returned 0x3 [0046.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.686] GetLastError () returned 0x3 [0046.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.686] GetLastError () returned 0x3 [0046.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.687] GetLastError () returned 0x3 [0046.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.687] GetLastError () returned 0x3 [0046.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.687] GetLastError () returned 0x3 [0046.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.687] GetLastError () returned 0x3 [0046.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.687] GetLastError () returned 0x3 [0046.690] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0046.690] GetLastError () returned 0x3 [0046.693] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x367700, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0046.693] GetLastError () returned 0x3 [0046.693] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e9b0 | out: phkResult=0x29e9b0*=0x350) returned 0x0 [0046.693] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x29e9f4, lpData=0x0, lpcbData=0x29e9f0*=0x0 | out: lpType=0x29e9f4*=0x2, lpData=0x0, lpcbData=0x29e9f0*=0x6c) returned 0x0 [0046.695] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x29e9f4, lpData=0x367700, lpcbData=0x29e9f0*=0x6c | out: lpType=0x29e9f4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x29e9f0*=0x6c) returned 0x0 [0046.695] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x367700, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0046.695] GetLastError () returned 0x3 [0046.695] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x367700, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0046.695] GetLastError () returned 0x3 [0046.696] RegCloseKey (hKey=0x350) returned 0x0 [0046.696] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x367700, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0046.696] GetLastError () returned 0x3 [0046.697] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e9b0 | out: phkResult=0x29e9b0*=0x350) returned 0x0 [0046.697] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x29e9f4, lpData=0x0, lpcbData=0x29e9f0*=0x0 | out: lpType=0x29e9f4*=0x0, lpData=0x0, lpcbData=0x29e9f0*=0x0) returned 0x2 [0046.698] RegCloseKey (hKey=0x350) returned 0x0 [0046.716] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x367700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0046.718] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x29e518, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0046.718] GetLastError () returned 0x3f0 [0046.719] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0046.719] GetLastError () returned 0x3f0 [0046.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.728] GetLastError () returned 0xcb [0046.729] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.729] GetLastError () returned 0xcb [0046.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.734] GetLastError () returned 0xcb [0046.734] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.734] GetLastError () returned 0xcb [0046.741] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e930 | out: phkResult=0x29e930*=0x358) returned 0x0 [0046.742] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e998, lpData=0x0, lpcbData=0x29e994*=0x0 | out: lpType=0x29e998*=0x1, lpData=0x0, lpcbData=0x29e994*=0x74) returned 0x0 [0046.743] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e978, lpData=0x0, lpcbData=0x29e974*=0x0 | out: lpType=0x29e978*=0x1, lpData=0x0, lpcbData=0x29e974*=0x74) returned 0x0 [0046.743] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e978, lpData=0x367700, lpcbData=0x29e974*=0x74 | out: lpType=0x29e978*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x29e974*=0x74) returned 0x0 [0046.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x29e4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0046.744] GetLastError () returned 0xcb [0046.744] SetErrorMode (uMode=0x1) returned 0x1 [0046.744] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x29e978 | out: lpFileInformation=0x29e978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0046.744] GetLastError () returned 0xcb [0046.744] SetErrorMode (uMode=0x1) returned 0x1 [0046.748] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0046.748] GetLastError () returned 0xcb [0046.748] SetErrorMode (uMode=0x1) returned 0x1 [0046.748] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e96c | out: lpFileInformation=0x29e96c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0046.749] GetLastError () returned 0xcb [0046.749] SetErrorMode (uMode=0x1) returned 0x1 [0046.752] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0046.752] GetLastError () returned 0xcb [0046.752] SetErrorMode (uMode=0x1) returned 0x1 [0046.752] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e96c | out: lpFileInformation=0x29e96c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0046.753] GetLastError () returned 0xcb [0046.753] SetErrorMode (uMode=0x1) returned 0x1 [0046.766] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.766] GetLastError () returned 0xcb [0046.767] GetACP () returned 0x4e4 [0046.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e37c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0046.777] GetLastError () returned 0xcb [0046.777] SetErrorMode (uMode=0x1) returned 0x1 [0046.779] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0046.779] GetLastError () returned 0x0 [0046.780] GetFileType (hFile=0x35c) returned 0x1 [0046.780] SetErrorMode (uMode=0x1) returned 0x1 [0046.780] GetFileType (hFile=0x35c) returned 0x1 [0046.781] ReadFile (in: hFile=0x35c, lpBuffer=0x2ce7dc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2ce7dc8*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.784] GetLastError () returned 0x0 [0046.785] ReadFile (in: hFile=0x35c, lpBuffer=0x2ce7dc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2ce7dc8*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.785] GetLastError () returned 0x0 [0046.785] ReadFile (in: hFile=0x35c, lpBuffer=0x2ce7dc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2ce7dc8*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.785] GetLastError () returned 0x0 [0046.786] ReadFile (in: hFile=0x35c, lpBuffer=0x2ce7dc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2ce7dc8*, lpNumberOfBytesRead=0x29e8e4*=0xcf3, lpOverlapped=0x0) returned 1 [0046.786] GetLastError () returned 0x0 [0046.786] ReadFile (in: hFile=0x35c, lpBuffer=0x2ce725b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2ce725b*, lpNumberOfBytesRead=0x29e8e4*=0x0, lpOverlapped=0x0) returned 1 [0046.786] GetLastError () returned 0x0 [0046.786] ReadFile (in: hFile=0x35c, lpBuffer=0x2ce7dc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2ce7dc8*, lpNumberOfBytesRead=0x29e8e4*=0x0, lpOverlapped=0x0) returned 1 [0046.786] GetLastError () returned 0x0 [0046.787] CloseHandle (hObject=0x35c) returned 1 [0046.787] GetLastError () returned 0x0 [0046.788] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e444, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0046.788] GetLastError () returned 0x0 [0046.788] SetErrorMode (uMode=0x1) returned 0x1 [0046.788] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2cf913c | out: lpFileInformation=0x2cf913c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0046.788] GetLastError () returned 0x0 [0046.788] SetErrorMode (uMode=0x1) returned 0x1 [0046.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0046.790] GetLastError () returned 0x0 [0046.790] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e868 | out: phkResult=0x29e868*=0x35c) returned 0x0 [0046.791] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e8b0, lpData=0x0, lpcbData=0x29e8ac*=0x0 | out: lpType=0x29e8b0*=0x1, lpData=0x0, lpcbData=0x29e8ac*=0x56) returned 0x0 [0046.791] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e8b0, lpData=0x367700, lpcbData=0x29e8ac*=0x56 | out: lpType=0x29e8b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e8ac*=0x56) returned 0x0 [0046.792] RegCloseKey (hKey=0x35c) returned 0x0 [0046.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0046.792] GetLastError () returned 0x0 [0046.792] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0046.792] GetLastError () returned 0x0 [0046.850] GetSystemInfo (in: lpSystemInfo=0x29dfe8 | out: lpSystemInfo=0x29dfe8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0046.852] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0046.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e37c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0046.878] GetLastError () returned 0x0 [0046.878] SetErrorMode (uMode=0x1) returned 0x1 [0046.879] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0046.879] GetLastError () returned 0x0 [0046.879] GetFileType (hFile=0x35c) returned 0x1 [0046.879] SetErrorMode (uMode=0x1) returned 0x1 [0046.879] GetFileType (hFile=0x35c) returned 0x1 [0046.879] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.883] GetLastError () returned 0x0 [0046.885] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.885] GetLastError () returned 0x0 [0046.886] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.886] GetLastError () returned 0x0 [0046.886] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.886] GetLastError () returned 0x0 [0046.886] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.886] GetLastError () returned 0x0 [0046.887] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.887] GetLastError () returned 0x0 [0046.887] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.888] GetLastError () returned 0x0 [0046.888] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.888] GetLastError () returned 0x0 [0046.888] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.888] GetLastError () returned 0x0 [0046.889] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.889] GetLastError () returned 0x0 [0046.889] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.889] GetLastError () returned 0x0 [0046.889] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.889] GetLastError () returned 0x0 [0046.890] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.890] GetLastError () returned 0x0 [0046.890] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.890] GetLastError () returned 0x0 [0046.890] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.890] GetLastError () returned 0x0 [0046.890] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.890] GetLastError () returned 0x0 [0046.890] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.890] GetLastError () returned 0x0 [0046.893] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.893] GetLastError () returned 0x0 [0046.893] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.893] GetLastError () returned 0x0 [0046.893] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.893] GetLastError () returned 0x0 [0046.893] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.893] GetLastError () returned 0x0 [0046.894] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.894] GetLastError () returned 0x0 [0046.894] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.894] GetLastError () returned 0x0 [0046.894] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.894] GetLastError () returned 0x0 [0046.894] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.894] GetLastError () returned 0x0 [0046.894] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.894] GetLastError () returned 0x0 [0046.895] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.895] GetLastError () returned 0x0 [0046.895] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.895] GetLastError () returned 0x0 [0046.895] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.895] GetLastError () returned 0x0 [0046.895] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.895] GetLastError () returned 0x0 [0046.895] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.895] GetLastError () returned 0x0 [0046.896] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.896] GetLastError () returned 0x0 [0046.896] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.896] GetLastError () returned 0x0 [0046.900] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.900] GetLastError () returned 0x0 [0046.900] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.900] GetLastError () returned 0x0 [0046.900] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.901] GetLastError () returned 0x0 [0046.901] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.901] GetLastError () returned 0x0 [0046.901] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.901] GetLastError () returned 0x0 [0046.901] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.901] GetLastError () returned 0x0 [0046.901] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.901] GetLastError () returned 0x0 [0046.902] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1000, lpOverlapped=0x0) returned 1 [0046.902] GetLastError () returned 0x0 [0046.902] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x1b4, lpOverlapped=0x0) returned 1 [0046.902] GetLastError () returned 0x0 [0046.902] ReadFile (in: hFile=0x35c, lpBuffer=0x2d2d558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e8e4, lpOverlapped=0x0 | out: lpBuffer=0x2d2d558*, lpNumberOfBytesRead=0x29e8e4*=0x0, lpOverlapped=0x0) returned 1 [0046.902] GetLastError () returned 0x0 [0046.902] CloseHandle (hObject=0x35c) returned 1 [0046.902] GetLastError () returned 0x0 [0046.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e444, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0046.902] GetLastError () returned 0x0 [0046.902] SetErrorMode (uMode=0x1) returned 0x1 [0046.902] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d4dde8 | out: lpFileInformation=0x2d4dde8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0046.902] GetLastError () returned 0x0 [0046.902] SetErrorMode (uMode=0x1) returned 0x1 [0046.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0046.902] GetLastError () returned 0x0 [0046.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e868 | out: phkResult=0x29e868*=0x35c) returned 0x0 [0046.903] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e8b0, lpData=0x0, lpcbData=0x29e8ac*=0x0 | out: lpType=0x29e8b0*=0x1, lpData=0x0, lpcbData=0x29e8ac*=0x56) returned 0x0 [0046.903] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e8b0, lpData=0x367700, lpcbData=0x29e8ac*=0x56 | out: lpType=0x29e8b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e8ac*=0x56) returned 0x0 [0046.903] RegCloseKey (hKey=0x35c) returned 0x0 [0046.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0046.903] GetLastError () returned 0x0 [0046.903] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x29e3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0046.903] GetLastError () returned 0x0 [0047.107] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.119] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.121] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.121] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.121] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.121] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.122] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.126] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.137] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.138] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.138] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.138] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.138] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.139] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.139] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.139] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.146] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.152] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.152] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.153] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.154] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.154] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.155] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.155] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.156] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.157] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.157] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.157] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.158] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.158] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.160] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.163] VirtualQuery (in: lpAddress=0x29d7a8, lpBuffer=0x29e7a8, dwLength=0x1c | out: lpBuffer=0x29e7a8*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.164] VirtualQuery (in: lpAddress=0x29d7a8, lpBuffer=0x29e7a8, dwLength=0x1c | out: lpBuffer=0x29e7a8*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.164] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.165] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.212] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.212] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.212] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.219] GetLastError () returned 0xcb [0047.224] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.233] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.233] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.234] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.234] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.235] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.235] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.238] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.240] VirtualQuery (in: lpAddress=0x29d7a4, lpBuffer=0x29e7a4, dwLength=0x1c | out: lpBuffer=0x29e7a4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.245] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e92c | out: phkResult=0x29e92c*=0x358) returned 0x0 [0047.246] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e994, lpData=0x0, lpcbData=0x29e990*=0x0 | out: lpType=0x29e994*=0x1, lpData=0x0, lpcbData=0x29e990*=0x74) returned 0x0 [0047.246] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e974, lpData=0x0, lpcbData=0x29e970*=0x0 | out: lpType=0x29e974*=0x1, lpData=0x0, lpcbData=0x29e970*=0x74) returned 0x0 [0047.246] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x29e974, lpData=0x367700, lpcbData=0x29e970*=0x74 | out: lpType=0x29e974*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x29e970*=0x74) returned 0x0 [0047.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x29e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0047.246] GetLastError () returned 0xcb [0047.246] SetErrorMode (uMode=0x1) returned 0x1 [0047.246] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x29e974 | out: lpFileInformation=0x29e974*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0047.246] GetLastError () returned 0xcb [0047.246] SetErrorMode (uMode=0x1) returned 0x1 [0047.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.248] GetLastError () returned 0xcb [0047.248] SetErrorMode (uMode=0x1) returned 0x1 [0047.248] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0047.249] GetLastError () returned 0xcb [0047.249] SetErrorMode (uMode=0x1) returned 0x1 [0047.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0047.249] GetLastError () returned 0xcb [0047.249] SetErrorMode (uMode=0x1) returned 0x1 [0047.249] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0047.250] GetLastError () returned 0xcb [0047.250] SetErrorMode (uMode=0x1) returned 0x1 [0047.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.250] GetLastError () returned 0xcb [0047.250] SetErrorMode (uMode=0x1) returned 0x1 [0047.250] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0047.251] GetLastError () returned 0xcb [0047.251] SetErrorMode (uMode=0x1) returned 0x1 [0047.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.251] GetLastError () returned 0xcb [0047.251] SetErrorMode (uMode=0x1) returned 0x1 [0047.251] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0047.251] GetLastError () returned 0xcb [0047.251] SetErrorMode (uMode=0x1) returned 0x1 [0047.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0047.251] GetLastError () returned 0xcb [0047.252] SetErrorMode (uMode=0x1) returned 0x1 [0047.252] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0047.252] GetLastError () returned 0xcb [0047.252] SetErrorMode (uMode=0x1) returned 0x1 [0047.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0047.252] GetLastError () returned 0xcb [0047.252] SetErrorMode (uMode=0x1) returned 0x1 [0047.252] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0047.252] GetLastError () returned 0xcb [0047.252] SetErrorMode (uMode=0x1) returned 0x1 [0047.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0047.252] GetLastError () returned 0xcb [0047.252] SetErrorMode (uMode=0x1) returned 0x1 [0047.252] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0047.253] GetLastError () returned 0xcb [0047.253] SetErrorMode (uMode=0x1) returned 0x1 [0047.253] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0047.253] GetLastError () returned 0xcb [0047.253] SetErrorMode (uMode=0x1) returned 0x1 [0047.253] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0047.254] GetLastError () returned 0xcb [0047.254] SetErrorMode (uMode=0x1) returned 0x1 [0047.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0047.254] GetLastError () returned 0xcb [0047.254] SetErrorMode (uMode=0x1) returned 0x1 [0047.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x29e968 | out: lpFileInformation=0x29e968*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0047.254] GetLastError () returned 0xcb [0047.254] SetErrorMode (uMode=0x1) returned 0x1 [0047.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.255] GetLastError () returned 0xcb [0047.264] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.264] GetLastError () returned 0xcb [0047.265] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.265] GetLastError () returned 0xcb [0047.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.268] GetLastError () returned 0xcb [0047.269] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.269] GetLastError () returned 0xcb [0047.269] SetErrorMode (uMode=0x1) returned 0x1 [0047.269] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.269] GetLastError () returned 0x0 [0047.269] GetFileType (hFile=0x328) returned 0x1 [0047.269] SetErrorMode (uMode=0x1) returned 0x1 [0047.269] GetFileType (hFile=0x328) returned 0x1 [0047.269] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.273] GetLastError () returned 0x0 [0047.275] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.275] GetLastError () returned 0x0 [0047.276] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.276] GetLastError () returned 0x0 [0047.276] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.276] GetLastError () returned 0x0 [0047.276] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.276] GetLastError () returned 0x0 [0047.276] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.276] GetLastError () returned 0x0 [0047.276] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x9e2, lpOverlapped=0x0) returned 1 [0047.277] GetLastError () returned 0x0 [0047.277] ReadFile (in: hFile=0x328, lpBuffer=0x2fedb26, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fedb26*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.277] GetLastError () returned 0x0 [0047.277] ReadFile (in: hFile=0x328, lpBuffer=0x2fee5a4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x2fee5a4*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.277] GetLastError () returned 0x0 [0047.277] CloseHandle (hObject=0x328) returned 1 [0047.277] GetLastError () returned 0x0 [0047.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.277] GetLastError () returned 0x0 [0047.277] SetErrorMode (uMode=0x1) returned 0x1 [0047.277] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fff660 | out: lpFileInformation=0x2fff660*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0047.277] GetLastError () returned 0x0 [0047.277] SetErrorMode (uMode=0x1) returned 0x1 [0047.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.277] GetLastError () returned 0x0 [0047.277] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.278] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.278] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.278] RegCloseKey (hKey=0x328) returned 0x0 [0047.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.278] GetLastError () returned 0x0 [0047.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.278] GetLastError () returned 0x0 [0047.298] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xdc50e66a, Data2=0x947a, Data3=0x4091, Data4=([0]=0x8b, [1]=0x71, [2]=0x1, [3]=0x3d, [4]=0x69, [5]=0xcc, [6]=0x39, [7]=0xe2))) returned 0x0 [0047.316] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x8104d806, Data2=0xd097, Data3=0x4de6, Data4=([0]=0xac, [1]=0x2, [2]=0x77, [3]=0x1f, [4]=0xa5, [5]=0xc3, [6]=0xb6, [7]=0x3d))) returned 0x0 [0047.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0047.317] GetLastError () returned 0x0 [0047.317] SetErrorMode (uMode=0x1) returned 0x1 [0047.317] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.317] GetLastError () returned 0x0 [0047.317] GetFileType (hFile=0x328) returned 0x1 [0047.317] SetErrorMode (uMode=0x1) returned 0x1 [0047.317] GetFileType (hFile=0x328) returned 0x1 [0047.318] ReadFile (in: hFile=0x328, lpBuffer=0x3012948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3012948*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.327] GetLastError () returned 0x0 [0047.328] ReadFile (in: hFile=0x328, lpBuffer=0x3012948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3012948*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.328] GetLastError () returned 0x0 [0047.328] ReadFile (in: hFile=0x328, lpBuffer=0x3012948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3012948*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.328] GetLastError () returned 0x0 [0047.329] ReadFile (in: hFile=0x328, lpBuffer=0x3012948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3012948*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.329] GetLastError () returned 0x0 [0047.329] ReadFile (in: hFile=0x328, lpBuffer=0x3012948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3012948*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.329] GetLastError () returned 0x0 [0047.330] ReadFile (in: hFile=0x328, lpBuffer=0x3012948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3012948*, lpNumberOfBytesRead=0x29e7e4*=0xfb2, lpOverlapped=0x0) returned 1 [0047.330] GetLastError () returned 0x0 [0047.330] ReadFile (in: hFile=0x328, lpBuffer=0x301209a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x301209a*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.330] GetLastError () returned 0x0 [0047.330] ReadFile (in: hFile=0x328, lpBuffer=0x3012948, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3012948*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.330] GetLastError () returned 0x0 [0047.330] CloseHandle (hObject=0x328) returned 1 [0047.330] GetLastError () returned 0x0 [0047.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0047.331] GetLastError () returned 0x0 [0047.331] SetErrorMode (uMode=0x1) returned 0x1 [0047.331] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x30331d8 | out: lpFileInformation=0x30331d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0047.331] GetLastError () returned 0x0 [0047.331] SetErrorMode (uMode=0x1) returned 0x1 [0047.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0047.331] GetLastError () returned 0x0 [0047.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.331] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.331] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.331] RegCloseKey (hKey=0x328) returned 0x0 [0047.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0047.331] GetLastError () returned 0x0 [0047.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0047.331] GetLastError () returned 0x0 [0047.333] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xa96a5ffe, Data2=0xf09a, Data3=0x4a9e, Data4=([0]=0xb5, [1]=0xf3, [2]=0x30, [3]=0x7e, [4]=0x1d, [5]=0x3b, [6]=0x14, [7]=0xf0))) returned 0x0 [0047.340] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x9c5cf13b, Data2=0x7990, Data3=0x4f2d, Data4=([0]=0x8d, [1]=0xde, [2]=0x87, [3]=0x19, [4]=0x0, [5]=0x5e, [6]=0xd3, [7]=0xc9))) returned 0x0 [0047.343] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x83f88a3b, Data2=0x9658, Data3=0x449c, Data4=([0]=0xbc, [1]=0x5c, [2]=0xac, [3]=0x50, [4]=0xe5, [5]=0x85, [6]=0x1e, [7]=0x22))) returned 0x0 [0047.344] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x28079d81, Data2=0xcbfb, Data3=0x41d9, Data4=([0]=0x85, [1]=0xea, [2]=0x81, [3]=0x74, [4]=0x56, [5]=0x96, [6]=0xe7, [7]=0x59))) returned 0x0 [0047.344] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x1039c8b5, Data2=0x6ef3, Data3=0x4b85, Data4=([0]=0xa5, [1]=0xc7, [2]=0x8c, [3]=0x68, [4]=0x63, [5]=0x7b, [6]=0x42, [7]=0xff))) returned 0x0 [0047.344] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xfec75639, Data2=0x7d50, Data3=0x4173, Data4=([0]=0xac, [1]=0x5e, [2]=0x81, [3]=0x99, [4]=0x72, [5]=0x9b, [6]=0x5a, [7]=0xee))) returned 0x0 [0047.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.344] GetLastError () returned 0x0 [0047.344] SetErrorMode (uMode=0x1) returned 0x1 [0047.344] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.344] GetLastError () returned 0x0 [0047.344] GetFileType (hFile=0x328) returned 0x1 [0047.344] SetErrorMode (uMode=0x1) returned 0x1 [0047.344] GetFileType (hFile=0x328) returned 0x1 [0047.345] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.350] GetLastError () returned 0x0 [0047.351] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.351] GetLastError () returned 0x0 [0047.352] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.352] GetLastError () returned 0x0 [0047.352] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.352] GetLastError () returned 0x0 [0047.353] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.353] GetLastError () returned 0x0 [0047.353] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.353] GetLastError () returned 0x0 [0047.353] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0xaca, lpOverlapped=0x0) returned 1 [0047.353] GetLastError () returned 0x0 [0047.353] ReadFile (in: hFile=0x328, lpBuffer=0x30521ea, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30521ea*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.353] GetLastError () returned 0x0 [0047.353] ReadFile (in: hFile=0x328, lpBuffer=0x3052b80, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3052b80*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.353] GetLastError () returned 0x0 [0047.354] CloseHandle (hObject=0x328) returned 1 [0047.354] GetLastError () returned 0x0 [0047.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.354] GetLastError () returned 0x0 [0047.354] SetErrorMode (uMode=0x1) returned 0x1 [0047.354] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3073b7c | out: lpFileInformation=0x3073b7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0047.354] GetLastError () returned 0x0 [0047.354] SetErrorMode (uMode=0x1) returned 0x1 [0047.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.354] GetLastError () returned 0x0 [0047.354] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.355] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.355] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.355] RegCloseKey (hKey=0x328) returned 0x0 [0047.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.355] GetLastError () returned 0x0 [0047.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.355] GetLastError () returned 0x0 [0047.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0047.370] GetLastError () returned 0x0 [0047.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0047.372] GetLastError () returned 0x57 [0047.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0047.380] GetLastError () returned 0x57 [0047.384] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.384] GetLastError () returned 0x57 [0047.386] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0047.386] GetLastError () returned 0x57 [0047.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0047.394] GetLastError () returned 0x57 [0047.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0047.400] GetLastError () returned 0x57 [0047.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0047.402] GetLastError () returned 0x57 [0047.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0047.410] GetLastError () returned 0x57 [0047.416] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0047.416] GetLastError () returned 0x57 [0047.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0047.417] GetLastError () returned 0x57 [0047.417] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0047.417] GetLastError () returned 0x57 [0047.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0047.418] GetLastError () returned 0x57 [0047.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0047.419] GetLastError () returned 0x57 [0047.421] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0047.421] GetLastError () returned 0x57 [0047.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0047.422] GetLastError () returned 0x57 [0047.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0047.422] GetLastError () returned 0x57 [0047.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0047.422] GetLastError () returned 0x57 [0047.422] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.422] GetLastError () returned 0x57 [0047.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.423] GetLastError () returned 0x57 [0047.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.423] GetLastError () returned 0x57 [0047.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.423] GetLastError () returned 0x57 [0047.423] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.423] GetLastError () returned 0x57 [0047.445] VirtualQuery (in: lpAddress=0x29d4c0, lpBuffer=0x29e4c0, dwLength=0x1c | out: lpBuffer=0x29e4c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.449] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf90413e3, Data2=0x921, Data3=0x40d9, Data4=([0]=0x86, [1]=0xd, [2]=0x85, [3]=0x30, [4]=0xad, [5]=0xb1, [6]=0x6b, [7]=0x8d))) returned 0x0 [0047.450] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x723d48b3, Data2=0xa374, Data3=0x45c3, Data4=([0]=0xb1, [1]=0x9c, [2]=0xaa, [3]=0x6b, [4]=0xb, [5]=0x8f, [6]=0x5a, [7]=0xc6))) returned 0x0 [0047.450] VirtualQuery (in: lpAddress=0x29d538, lpBuffer=0x29e538, dwLength=0x1c | out: lpBuffer=0x29e538*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.451] VirtualQuery (in: lpAddress=0x29d538, lpBuffer=0x29e538, dwLength=0x1c | out: lpBuffer=0x29e538*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.451] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x22a4c857, Data2=0x5c89, Data3=0x4f47, Data4=([0]=0x9f, [1]=0x9a, [2]=0x88, [3]=0xa6, [4]=0x49, [5]=0x4a, [6]=0x61, [7]=0x38))) returned 0x0 [0047.456] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf32c40a2, Data2=0x27eb, Data3=0x46ec, Data4=([0]=0x82, [1]=0x1, [2]=0xc6, [3]=0xa, [4]=0x69, [5]=0xb0, [6]=0xa8, [7]=0x2d))) returned 0x0 [0047.456] VirtualQuery (in: lpAddress=0x29d664, lpBuffer=0x29e664, dwLength=0x1c | out: lpBuffer=0x29e664*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.456] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.456] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.456] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x8f4be427, Data2=0x184e, Data3=0x409a, Data4=([0]=0x96, [1]=0x76, [2]=0xb8, [3]=0xc8, [4]=0x5d, [5]=0x4f, [6]=0x2d, [7]=0x3e))) returned 0x0 [0047.456] VirtualQuery (in: lpAddress=0x29d664, lpBuffer=0x29e664, dwLength=0x1c | out: lpBuffer=0x29e664*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.457] VirtualQuery (in: lpAddress=0x29d57c, lpBuffer=0x29e57c, dwLength=0x1c | out: lpBuffer=0x29e57c*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.457] VirtualQuery (in: lpAddress=0x29d230, lpBuffer=0x29e230, dwLength=0x1c | out: lpBuffer=0x29e230*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.458] VirtualQuery (in: lpAddress=0x29d230, lpBuffer=0x29e230, dwLength=0x1c | out: lpBuffer=0x29e230*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.458] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x347bd318, Data2=0x65db, Data3=0x49ab, Data4=([0]=0xb0, [1]=0x7f, [2]=0x92, [3]=0x37, [4]=0xfb, [5]=0x5, [6]=0xee, [7]=0xb9))) returned 0x0 [0047.458] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x7e4ae629, Data2=0x6163, Data3=0x4c06, Data4=([0]=0x9a, [1]=0x33, [2]=0x18, [3]=0xe0, [4]=0xb1, [5]=0xcd, [6]=0x62, [7]=0x53))) returned 0x0 [0047.458] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.458] GetLastError () returned 0x57 [0047.458] SetErrorMode (uMode=0x1) returned 0x1 [0047.459] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.459] GetLastError () returned 0x0 [0047.459] GetFileType (hFile=0x328) returned 0x1 [0047.459] SetErrorMode (uMode=0x1) returned 0x1 [0047.459] GetFileType (hFile=0x328) returned 0x1 [0047.459] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.460] GetLastError () returned 0x0 [0047.461] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.462] GetLastError () returned 0x0 [0047.462] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.462] GetLastError () returned 0x0 [0047.462] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.462] GetLastError () returned 0x0 [0047.463] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.463] GetLastError () returned 0x0 [0047.463] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.464] GetLastError () returned 0x0 [0047.464] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.464] GetLastError () returned 0x0 [0047.464] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.464] GetLastError () returned 0x0 [0047.465] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.465] GetLastError () returned 0x0 [0047.465] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.465] GetLastError () returned 0x0 [0047.466] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.466] GetLastError () returned 0x0 [0047.466] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.466] GetLastError () returned 0x0 [0047.467] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.467] GetLastError () returned 0x0 [0047.469] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.469] GetLastError () returned 0x0 [0047.469] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0xbce, lpOverlapped=0x0) returned 1 [0047.469] GetLastError () returned 0x0 [0047.469] ReadFile (in: hFile=0x328, lpBuffer=0x30d83ea, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d83ea*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.469] GetLastError () returned 0x0 [0047.469] ReadFile (in: hFile=0x328, lpBuffer=0x30d8c7c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x30d8c7c*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.469] GetLastError () returned 0x0 [0047.469] CloseHandle (hObject=0x328) returned 1 [0047.470] GetLastError () returned 0x0 [0047.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.470] GetLastError () returned 0x0 [0047.470] SetErrorMode (uMode=0x1) returned 0x1 [0047.470] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x30f9c78 | out: lpFileInformation=0x30f9c78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0047.470] GetLastError () returned 0x0 [0047.470] SetErrorMode (uMode=0x1) returned 0x1 [0047.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.470] GetLastError () returned 0x0 [0047.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.470] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.470] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.470] RegCloseKey (hKey=0x328) returned 0x0 [0047.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.471] GetLastError () returned 0x0 [0047.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0047.471] GetLastError () returned 0x0 [0047.474] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xaddfcc65, Data2=0xb55e, Data3=0x4952, Data4=([0]=0xa7, [1]=0xaa, [2]=0xd, [3]=0xab, [4]=0x31, [5]=0xb1, [6]=0xe8, [7]=0xe4))) returned 0x0 [0047.474] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x12f43b76, Data2=0x858d, Data3=0x455a, Data4=([0]=0xbb, [1]=0x18, [2]=0xba, [3]=0xc9, [4]=0x7a, [5]=0x1e, [6]=0x8a, [7]=0xf1))) returned 0x0 [0047.475] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x3cc69a61, Data2=0xd932, Data3=0x4bcc, Data4=([0]=0x8c, [1]=0xed, [2]=0x20, [3]=0x3e, [4]=0x36, [5]=0xe5, [6]=0x54, [7]=0x85))) returned 0x0 [0047.475] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xc3b808c, Data2=0x7ebe, Data3=0x4bb5, Data4=([0]=0xa0, [1]=0x50, [2]=0x2f, [3]=0x7f, [4]=0x96, [5]=0x1e, [6]=0x76, [7]=0x59))) returned 0x0 [0047.475] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x80230abc, Data2=0x9d7a, Data3=0x453d, Data4=([0]=0xb7, [1]=0x70, [2]=0x6b, [3]=0xc5, [4]=0xa9, [5]=0x9f, [6]=0xae, [7]=0x0))) returned 0x0 [0047.475] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x2581ee19, Data2=0xebf8, Data3=0x4026, Data4=([0]=0x92, [1]=0x99, [2]=0x88, [3]=0xc5, [4]=0xa2, [5]=0xdb, [6]=0xbf, [7]=0x4))) returned 0x0 [0047.475] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.475] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xa0d2961f, Data2=0x3c87, Data3=0x4080, Data4=([0]=0x9f, [1]=0xe9, [2]=0xbf, [3]=0xf9, [4]=0x7b, [5]=0xb5, [6]=0xb6, [7]=0x9))) returned 0x0 [0047.476] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.476] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.476] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd02492a8, Data2=0x7d03, Data3=0x443c, Data4=([0]=0xb8, [1]=0xce, [2]=0xbf, [3]=0x69, [4]=0x42, [5]=0xcb, [6]=0x72, [7]=0x52))) returned 0x0 [0047.476] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x87dbe11d, Data2=0x5af8, Data3=0x4874, Data4=([0]=0x98, [1]=0xc9, [2]=0x2d, [3]=0xbf, [4]=0xa3, [5]=0x13, [6]=0x83, [7]=0xa1))) returned 0x0 [0047.476] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x8dd90851, Data2=0x225e, Data3=0x4b68, Data4=([0]=0x8a, [1]=0x5a, [2]=0x96, [3]=0x5d, [4]=0x95, [5]=0xde, [6]=0x86, [7]=0x85))) returned 0x0 [0047.477] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x67278df9, Data2=0xfbdc, Data3=0x46fa, Data4=([0]=0x8a, [1]=0x82, [2]=0x84, [3]=0xe7, [4]=0x6f, [5]=0x49, [6]=0x15, [7]=0x40))) returned 0x0 [0047.477] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.477] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x9832152b, Data2=0xdb8, Data3=0x4d0a, Data4=([0]=0xa1, [1]=0xe9, [2]=0x47, [3]=0x30, [4]=0x67, [5]=0x4c, [6]=0xe6, [7]=0x58))) returned 0x0 [0047.477] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.477] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.478] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.478] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.479] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.479] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xbc8fa906, Data2=0xccfb, Data3=0x4fe0, Data4=([0]=0x84, [1]=0x47, [2]=0xa6, [3]=0xe, [4]=0xe6, [5]=0xd8, [6]=0x52, [7]=0xa3))) returned 0x0 [0047.479] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf63126a8, Data2=0xb6be, Data3=0x42f4, Data4=([0]=0xa8, [1]=0xa7, [2]=0xc7, [3]=0x99, [4]=0x1b, [5]=0xbb, [6]=0x79, [7]=0xac))) returned 0x0 [0047.479] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x9ffc9675, Data2=0x1baa, Data3=0x4329, Data4=([0]=0xbf, [1]=0x65, [2]=0xbd, [3]=0x3d, [4]=0xd0, [5]=0x48, [6]=0xed, [7]=0xeb))) returned 0x0 [0047.480] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x469e419a, Data2=0xb8dc, Data3=0x434d, Data4=([0]=0xbb, [1]=0xb7, [2]=0x28, [3]=0xc3, [4]=0x6, [5]=0xad, [6]=0x13, [7]=0xfa))) returned 0x0 [0047.480] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd0dadb3c, Data2=0xc746, Data3=0x4698, Data4=([0]=0xbb, [1]=0xe3, [2]=0x0, [3]=0xa1, [4]=0x3e, [5]=0x3b, [6]=0xfd, [7]=0xc0))) returned 0x0 [0047.480] VirtualQuery (in: lpAddress=0x29d664, lpBuffer=0x29e664, dwLength=0x1c | out: lpBuffer=0x29e664*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.480] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x1f3f0712, Data2=0x184b, Data3=0x4808, Data4=([0]=0x88, [1]=0x3d, [2]=0x8, [3]=0x55, [4]=0x2f, [5]=0xd7, [6]=0x7b, [7]=0x60))) returned 0x0 [0047.480] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x41b1ef0c, Data2=0xc7d7, Data3=0x40e9, Data4=([0]=0xb1, [1]=0x87, [2]=0x8e, [3]=0x82, [4]=0x25, [5]=0xef, [6]=0x2, [7]=0xcf))) returned 0x0 [0047.480] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x220d56dc, Data2=0xc0b6, Data3=0x47f9, Data4=([0]=0xa3, [1]=0x18, [2]=0xa9, [3]=0x76, [4]=0xa7, [5]=0xe6, [6]=0x6c, [7]=0x67))) returned 0x0 [0047.481] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x809ffad, Data2=0x5f8c, Data3=0x44ff, Data4=([0]=0x8f, [1]=0x52, [2]=0xa2, [3]=0xf8, [4]=0x11, [5]=0x23, [6]=0x55, [7]=0x5b))) returned 0x0 [0047.481] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x6fbdae15, Data2=0x38f2, Data3=0x4ae8, Data4=([0]=0xaf, [1]=0xa3, [2]=0xdb, [3]=0x67, [4]=0xf5, [5]=0x4, [6]=0x2b, [7]=0x61))) returned 0x0 [0047.481] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x5147f277, Data2=0x5ab8, Data3=0x4724, Data4=([0]=0x8d, [1]=0x1f, [2]=0x7b, [3]=0xa, [4]=0x8c, [5]=0xe7, [6]=0x6b, [7]=0x79))) returned 0x0 [0047.481] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd836543a, Data2=0x79aa, Data3=0x4c62, Data4=([0]=0xa0, [1]=0x33, [2]=0x77, [3]=0xcd, [4]=0x83, [5]=0x94, [6]=0x76, [7]=0xd0))) returned 0x0 [0047.481] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x498db069, Data2=0xcda2, Data3=0x4020, Data4=([0]=0x86, [1]=0xf, [2]=0x27, [3]=0x65, [4]=0x2, [5]=0xe5, [6]=0x7d, [7]=0xbe))) returned 0x0 [0047.482] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x27bdf6c8, Data2=0x1d63, Data3=0x42c3, Data4=([0]=0x8c, [1]=0xcd, [2]=0x7d, [3]=0x12, [4]=0x6f, [5]=0xbe, [6]=0x4a, [7]=0xd5))) returned 0x0 [0047.482] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x7065e1cd, Data2=0x2d81, Data3=0x4641, Data4=([0]=0x85, [1]=0xa3, [2]=0x66, [3]=0x77, [4]=0xbd, [5]=0x8d, [6]=0x60, [7]=0x6))) returned 0x0 [0047.482] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xb7fc1eae, Data2=0x83ac, Data3=0x4c3c, Data4=([0]=0xb8, [1]=0x8b, [2]=0xa0, [3]=0x53, [4]=0x12, [5]=0xf8, [6]=0x27, [7]=0xbd))) returned 0x0 [0047.482] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf6edab98, Data2=0xadca, Data3=0x4873, Data4=([0]=0x8f, [1]=0x1f, [2]=0x31, [3]=0x6f, [4]=0xce, [5]=0x15, [6]=0x61, [7]=0x47))) returned 0x0 [0047.482] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xfdafa452, Data2=0xcca7, Data3=0x44d3, Data4=([0]=0xa3, [1]=0x1f, [2]=0x16, [3]=0x43, [4]=0xd9, [5]=0xec, [6]=0x58, [7]=0x27))) returned 0x0 [0047.483] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x75ea279c, Data2=0xa29d, Data3=0x4451, Data4=([0]=0xb3, [1]=0x7c, [2]=0xce, [3]=0x1e, [4]=0xc8, [5]=0x93, [6]=0x7d, [7]=0x61))) returned 0x0 [0047.483] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x3b049070, Data2=0x4afd, Data3=0x4eef, Data4=([0]=0xab, [1]=0x6, [2]=0x63, [3]=0xf5, [4]=0x61, [5]=0x81, [6]=0xd8, [7]=0x6))) returned 0x0 [0047.483] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd73a506c, Data2=0xaef9, Data3=0x4a07, Data4=([0]=0x81, [1]=0xa9, [2]=0xcf, [3]=0x9b, [4]=0x7d, [5]=0x70, [6]=0x42, [7]=0x3c))) returned 0x0 [0047.483] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd472579a, Data2=0x1f95, Data3=0x4046, Data4=([0]=0xbf, [1]=0x25, [2]=0xa1, [3]=0x8d, [4]=0x30, [5]=0x9c, [6]=0x1, [7]=0xbd))) returned 0x0 [0047.483] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x3e59bbf7, Data2=0x494, Data3=0x47cc, Data4=([0]=0x94, [1]=0x11, [2]=0x27, [3]=0x86, [4]=0xce, [5]=0xf4, [6]=0xd6, [7]=0x5))) returned 0x0 [0047.483] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xbfdcd66d, Data2=0x8e3d, Data3=0x46ce, Data4=([0]=0xa3, [1]=0xbe, [2]=0xe5, [3]=0x0, [4]=0x8e, [5]=0xf8, [6]=0x88, [7]=0x7c))) returned 0x0 [0047.483] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.484] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.485] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.487] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x58958845, Data2=0x8289, Data3=0x4056, Data4=([0]=0x8f, [1]=0x9e, [2]=0x6b, [3]=0x3a, [4]=0x8, [5]=0xf7, [6]=0x8c, [7]=0x31))) returned 0x0 [0047.488] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0047.488] GetLastError () returned 0x0 [0047.488] SetErrorMode (uMode=0x1) returned 0x1 [0047.488] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.488] GetLastError () returned 0x0 [0047.488] GetFileType (hFile=0x328) returned 0x1 [0047.488] SetErrorMode (uMode=0x1) returned 0x1 [0047.488] GetFileType (hFile=0x328) returned 0x1 [0047.488] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.490] GetLastError () returned 0x0 [0047.491] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.491] GetLastError () returned 0x0 [0047.491] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.491] GetLastError () returned 0x0 [0047.491] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.491] GetLastError () returned 0x0 [0047.492] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.492] GetLastError () returned 0x0 [0047.492] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.493] GetLastError () returned 0x0 [0047.493] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x119, lpOverlapped=0x0) returned 1 [0047.493] GetLastError () returned 0x0 [0047.493] ReadFile (in: hFile=0x328, lpBuffer=0x3196b64, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x3196b64*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.493] GetLastError () returned 0x0 [0047.493] CloseHandle (hObject=0x328) returned 1 [0047.493] GetLastError () returned 0x0 [0047.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0047.493] GetLastError () returned 0x0 [0047.493] SetErrorMode (uMode=0x1) returned 0x1 [0047.493] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x31b7b60 | out: lpFileInformation=0x31b7b60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0047.493] GetLastError () returned 0x0 [0047.493] SetErrorMode (uMode=0x1) returned 0x1 [0047.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0047.493] GetLastError () returned 0x0 [0047.493] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.494] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.494] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.494] RegCloseKey (hKey=0x328) returned 0x0 [0047.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0047.494] GetLastError () returned 0x0 [0047.494] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0047.494] GetLastError () returned 0x0 [0047.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.495] GetLastError () returned 0x0 [0047.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.495] GetLastError () returned 0x0 [0047.495] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.495] GetLastError () returned 0x0 [0047.495] VirtualQuery (in: lpAddress=0x29d4c0, lpBuffer=0x29e4c0, dwLength=0x1c | out: lpBuffer=0x29e4c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.496] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x13279e13, Data2=0x46fa, Data3=0x4c72, Data4=([0]=0x8e, [1]=0x81, [2]=0x84, [3]=0x2f, [4]=0x3e, [5]=0x3a, [6]=0x53, [7]=0x54))) returned 0x0 [0047.496] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.496] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xc0a99207, Data2=0xb4fc, Data3=0x4214, Data4=([0]=0xb4, [1]=0x47, [2]=0x92, [3]=0x8a, [4]=0x62, [5]=0xce, [6]=0x36, [7]=0x97))) returned 0x0 [0047.496] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x335e5fa0, Data2=0xfbb, Data3=0x453e, Data4=([0]=0x99, [1]=0x6e, [2]=0x63, [3]=0xf9, [4]=0x33, [5]=0x17, [6]=0xb4, [7]=0xc0))) returned 0x0 [0047.496] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x6f63e4c5, Data2=0xdd50, Data3=0x4548, Data4=([0]=0x91, [1]=0xe3, [2]=0x61, [3]=0xf9, [4]=0xf7, [5]=0x3, [6]=0xbe, [7]=0xab))) returned 0x0 [0047.498] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.498] VirtualQuery (in: lpAddress=0x29d510, lpBuffer=0x29e510, dwLength=0x1c | out: lpBuffer=0x29e510*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e27c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0047.498] GetLastError () returned 0x0 [0047.498] SetErrorMode (uMode=0x1) returned 0x1 [0047.498] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.498] GetLastError () returned 0x0 [0047.498] GetFileType (hFile=0x328) returned 0x1 [0047.498] SetErrorMode (uMode=0x1) returned 0x1 [0047.498] GetFileType (hFile=0x328) returned 0x1 [0047.498] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.500] GetLastError () returned 0x0 [0047.502] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.502] GetLastError () returned 0x0 [0047.502] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.502] GetLastError () returned 0x0 [0047.502] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.502] GetLastError () returned 0x0 [0047.503] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.503] GetLastError () returned 0x0 [0047.503] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.503] GetLastError () returned 0x0 [0047.503] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.503] GetLastError () returned 0x0 [0047.503] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.503] GetLastError () returned 0x0 [0047.504] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.504] GetLastError () returned 0x0 [0047.505] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.505] GetLastError () returned 0x0 [0047.505] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.505] GetLastError () returned 0x0 [0047.505] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.505] GetLastError () returned 0x0 [0047.505] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.505] GetLastError () returned 0x0 [0047.505] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.505] GetLastError () returned 0x0 [0047.506] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.506] GetLastError () returned 0x0 [0047.506] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.507] GetLastError () returned 0x0 [0047.509] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.509] GetLastError () returned 0x0 [0047.509] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.509] GetLastError () returned 0x0 [0047.509] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.509] GetLastError () returned 0x0 [0047.509] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.509] GetLastError () returned 0x0 [0047.510] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.510] GetLastError () returned 0x0 [0047.510] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.510] GetLastError () returned 0x0 [0047.510] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.510] GetLastError () returned 0x0 [0047.510] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.510] GetLastError () returned 0x0 [0047.510] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.510] GetLastError () returned 0x0 [0047.511] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.511] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.511] GetLastError () returned 0x0 [0047.512] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.512] GetLastError () returned 0x0 [0047.512] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.512] GetLastError () returned 0x0 [0047.516] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.516] GetLastError () returned 0x0 [0047.516] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.516] GetLastError () returned 0x0 [0047.516] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.517] GetLastError () returned 0x0 [0047.517] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.517] GetLastError () returned 0x0 [0047.517] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.517] GetLastError () returned 0x0 [0047.517] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.517] GetLastError () returned 0x0 [0047.517] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.517] GetLastError () returned 0x0 [0047.517] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.518] GetLastError () returned 0x0 [0047.518] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.518] GetLastError () returned 0x0 [0047.518] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.518] GetLastError () returned 0x0 [0047.518] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.518] GetLastError () returned 0x0 [0047.518] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.518] GetLastError () returned 0x0 [0047.518] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.519] GetLastError () returned 0x0 [0047.519] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.519] GetLastError () returned 0x0 [0047.519] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.519] GetLastError () returned 0x0 [0047.519] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.519] GetLastError () returned 0x0 [0047.519] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.519] GetLastError () returned 0x0 [0047.519] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.519] GetLastError () returned 0x0 [0047.520] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.520] GetLastError () returned 0x0 [0047.520] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.520] GetLastError () returned 0x0 [0047.520] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.520] GetLastError () returned 0x0 [0047.520] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.520] GetLastError () returned 0x0 [0047.520] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.520] GetLastError () returned 0x0 [0047.521] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.521] GetLastError () returned 0x0 [0047.521] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.521] GetLastError () returned 0x0 [0047.521] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.521] GetLastError () returned 0x0 [0047.521] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.521] GetLastError () returned 0x0 [0047.521] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.521] GetLastError () returned 0x0 [0047.522] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.522] GetLastError () returned 0x0 [0047.522] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.522] GetLastError () returned 0x0 [0047.522] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0xf37, lpOverlapped=0x0) returned 1 [0047.522] GetLastError () returned 0x0 [0047.522] ReadFile (in: hFile=0x328, lpBuffer=0x31e025f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e025f*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.522] GetLastError () returned 0x0 [0047.522] ReadFile (in: hFile=0x328, lpBuffer=0x31e0b88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x31e0b88*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.522] GetLastError () returned 0x0 [0047.522] CloseHandle (hObject=0x328) returned 1 [0047.522] GetLastError () returned 0x0 [0047.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e344, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0047.523] GetLastError () returned 0x0 [0047.523] SetErrorMode (uMode=0x1) returned 0x1 [0047.523] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3201b84 | out: lpFileInformation=0x3201b84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0047.523] GetLastError () returned 0x0 [0047.523] SetErrorMode (uMode=0x1) returned 0x1 [0047.523] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0047.523] GetLastError () returned 0x0 [0047.523] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.523] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.523] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.524] RegCloseKey (hKey=0x328) returned 0x0 [0047.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0047.524] GetLastError () returned 0x0 [0047.524] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x29e2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0047.524] GetLastError () returned 0x0 [0047.536] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x48c72c14, Data2=0x281c, Data3=0x42fc, Data4=([0]=0xac, [1]=0x32, [2]=0x60, [3]=0x2d, [4]=0x57, [5]=0xa0, [6]=0x8d, [7]=0x98))) returned 0x0 [0047.536] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xbda5fca5, Data2=0x7dea, Data3=0x4468, Data4=([0]=0x9e, [1]=0x94, [2]=0xbd, [3]=0x47, [4]=0x97, [5]=0x99, [6]=0x15, [7]=0x51))) returned 0x0 [0047.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.537] GetLastError () returned 0x0 [0047.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.537] GetLastError () returned 0x0 [0047.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.537] GetLastError () returned 0x0 [0047.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.537] GetLastError () returned 0x0 [0047.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.579] GetLastError () returned 0x0 [0047.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.579] GetLastError () returned 0x0 [0047.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.579] GetLastError () returned 0x0 [0047.580] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x849fae60, Data2=0x158b, Data3=0x4413, Data4=([0]=0x82, [1]=0x89, [2]=0xfd, [3]=0x7c, [4]=0x6f, [5]=0x94, [6]=0x8e, [7]=0x2b))) returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.580] GetLastError () returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.580] GetLastError () returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.580] GetLastError () returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.580] GetLastError () returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.580] GetLastError () returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.580] GetLastError () returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.580] GetLastError () returned 0x0 [0047.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.581] GetLastError () returned 0x0 [0047.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.582] GetLastError () returned 0x0 [0047.583] VirtualQuery (in: lpAddress=0x29d124, lpBuffer=0x29e124, dwLength=0x1c | out: lpBuffer=0x29e124*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.584] VirtualQuery (in: lpAddress=0x29d160, lpBuffer=0x29e160, dwLength=0x1c | out: lpBuffer=0x29e160*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.584] GetLastError () returned 0x0 [0047.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.584] GetLastError () returned 0x0 [0047.584] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.584] GetLastError () returned 0x0 [0047.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.585] GetLastError () returned 0x0 [0047.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.585] GetLastError () returned 0x0 [0047.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.585] GetLastError () returned 0x0 [0047.585] VirtualQuery (in: lpAddress=0x29d490, lpBuffer=0x29e490, dwLength=0x1c | out: lpBuffer=0x29e490*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.585] GetLastError () returned 0x0 [0047.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.585] GetLastError () returned 0x0 [0047.585] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.585] GetLastError () returned 0x0 [0047.586] VirtualQuery (in: lpAddress=0x29d490, lpBuffer=0x29e490, dwLength=0x1c | out: lpBuffer=0x29e490*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.586] GetLastError () returned 0x0 [0047.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.586] GetLastError () returned 0x0 [0047.586] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.586] GetLastError () returned 0x0 [0047.586] VirtualQuery (in: lpAddress=0x29d490, lpBuffer=0x29e490, dwLength=0x1c | out: lpBuffer=0x29e490*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.586] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.587] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.588] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.588] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.588] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.589] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.589] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.589] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.589] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.589] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.591] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.591] VirtualQuery (in: lpAddress=0x29d2cc, lpBuffer=0x29e2cc, dwLength=0x1c | out: lpBuffer=0x29e2cc*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.591] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.592] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.592] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.593] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.593] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x2d44b485, Data2=0x5375, Data3=0x4807, Data4=([0]=0x9d, [1]=0xe7, [2]=0x15, [3]=0x78, [4]=0x7a, [5]=0xf2, [6]=0xdc, [7]=0x6e))) returned 0x0 [0047.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.593] GetLastError () returned 0x0 [0047.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.593] GetLastError () returned 0x0 [0047.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.593] GetLastError () returned 0x0 [0047.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.593] GetLastError () returned 0x0 [0047.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.593] GetLastError () returned 0x0 [0047.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.593] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.594] GetLastError () returned 0x0 [0047.594] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.595] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.595] GetLastError () returned 0x0 [0047.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.596] GetLastError () returned 0x0 [0047.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.596] GetLastError () returned 0x0 [0047.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.596] GetLastError () returned 0x0 [0047.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.596] GetLastError () returned 0x0 [0047.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.596] GetLastError () returned 0x0 [0047.596] VirtualQuery (in: lpAddress=0x29d490, lpBuffer=0x29e490, dwLength=0x1c | out: lpBuffer=0x29e490*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.596] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.596] GetLastError () returned 0x0 [0047.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.597] GetLastError () returned 0x0 [0047.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.597] GetLastError () returned 0x0 [0047.597] VirtualQuery (in: lpAddress=0x29d490, lpBuffer=0x29e490, dwLength=0x1c | out: lpBuffer=0x29e490*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.597] GetLastError () returned 0x0 [0047.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.597] GetLastError () returned 0x0 [0047.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.597] GetLastError () returned 0x0 [0047.597] VirtualQuery (in: lpAddress=0x29d490, lpBuffer=0x29e490, dwLength=0x1c | out: lpBuffer=0x29e490*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.598] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.598] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.599] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.599] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.600] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.600] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.600] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.600] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.601] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.601] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.601] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.602] VirtualQuery (in: lpAddress=0x29d2cc, lpBuffer=0x29e2cc, dwLength=0x1c | out: lpBuffer=0x29e2cc*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.602] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.603] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.603] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.603] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.603] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd4c709a2, Data2=0xeda2, Data3=0x4b2d, Data4=([0]=0x8d, [1]=0x36, [2]=0xac, [3]=0x48, [4]=0x8d, [5]=0x2d, [6]=0x77, [7]=0x43))) returned 0x0 [0047.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.603] GetLastError () returned 0x0 [0047.603] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.604] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xa6ca8d4a, Data2=0x4d7d, Data3=0x40bf, Data4=([0]=0xb3, [1]=0xd9, [2]=0x2e, [3]=0xa6, [4]=0xba, [5]=0xcc, [6]=0x4a, [7]=0x23))) returned 0x0 [0047.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.604] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.604] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.605] GetLastError () returned 0x0 [0047.605] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.606] GetLastError () returned 0x0 [0047.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.606] GetLastError () returned 0x0 [0047.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.607] GetLastError () returned 0x0 [0047.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.607] GetLastError () returned 0x0 [0047.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.607] GetLastError () returned 0x0 [0047.607] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.607] GetLastError () returned 0x0 [0047.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.608] GetLastError () returned 0x0 [0047.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.608] GetLastError () returned 0x0 [0047.608] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.608] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.608] GetLastError () returned 0x0 [0047.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.608] GetLastError () returned 0x0 [0047.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.608] GetLastError () returned 0x0 [0047.608] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.608] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.609] GetLastError () returned 0x0 [0047.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.609] GetLastError () returned 0x0 [0047.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.609] GetLastError () returned 0x0 [0047.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.609] GetLastError () returned 0x0 [0047.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.609] GetLastError () returned 0x0 [0047.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.609] GetLastError () returned 0x0 [0047.609] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.610] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.610] GetLastError () returned 0x0 [0047.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.610] GetLastError () returned 0x0 [0047.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.610] GetLastError () returned 0x0 [0047.610] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.610] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.610] GetLastError () returned 0x0 [0047.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.610] GetLastError () returned 0x0 [0047.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.611] GetLastError () returned 0x0 [0047.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.611] GetLastError () returned 0x0 [0047.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.611] GetLastError () returned 0x0 [0047.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.611] GetLastError () returned 0x0 [0047.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.611] GetLastError () returned 0x0 [0047.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.611] GetLastError () returned 0x0 [0047.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.611] GetLastError () returned 0x0 [0047.611] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.611] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.612] GetLastError () returned 0x0 [0047.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.612] GetLastError () returned 0x0 [0047.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.612] GetLastError () returned 0x0 [0047.612] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.612] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.612] GetLastError () returned 0x0 [0047.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.612] GetLastError () returned 0x0 [0047.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.612] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dfe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29def0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.613] GetLastError () returned 0x0 [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.614] GetLastError () returned 0x0 [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.614] GetLastError () returned 0x0 [0047.614] VirtualQuery (in: lpAddress=0x29d4f4, lpBuffer=0x29e4f4, dwLength=0x1c | out: lpBuffer=0x29e4f4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.614] GetLastError () returned 0x0 [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.614] GetLastError () returned 0x0 [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.614] GetLastError () returned 0x0 [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.614] GetLastError () returned 0x0 [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.614] GetLastError () returned 0x0 [0047.614] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.615] GetLastError () returned 0x0 [0047.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.616] GetLastError () returned 0x0 [0047.616] VirtualQuery (in: lpAddress=0x29d4f4, lpBuffer=0x29e4f4, dwLength=0x1c | out: lpBuffer=0x29e4f4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.616] GetLastError () returned 0x0 [0047.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.616] GetLastError () returned 0x0 [0047.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.616] GetLastError () returned 0x0 [0047.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.616] GetLastError () returned 0x0 [0047.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.616] GetLastError () returned 0x0 [0047.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.616] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dcb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.617] GetLastError () returned 0x0 [0047.617] VirtualQuery (in: lpAddress=0x29d4f4, lpBuffer=0x29e4f4, dwLength=0x1c | out: lpBuffer=0x29e4f4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.618] GetLastError () returned 0x0 [0047.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.618] GetLastError () returned 0x0 [0047.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.618] GetLastError () returned 0x0 [0047.618] VirtualQuery (in: lpAddress=0x29d4f4, lpBuffer=0x29e4f4, dwLength=0x1c | out: lpBuffer=0x29e4f4*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.618] GetLastError () returned 0x0 [0047.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.618] GetLastError () returned 0x0 [0047.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.618] GetLastError () returned 0x0 [0047.619] VirtualQuery (in: lpAddress=0x29d124, lpBuffer=0x29e124, dwLength=0x1c | out: lpBuffer=0x29e124*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.619] VirtualQuery (in: lpAddress=0x29d160, lpBuffer=0x29e160, dwLength=0x1c | out: lpBuffer=0x29e160*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.619] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.619] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.620] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.620] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.620] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.620] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.620] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.621] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.621] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.621] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.622] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.622] VirtualQuery (in: lpAddress=0x29d2cc, lpBuffer=0x29e2cc, dwLength=0x1c | out: lpBuffer=0x29e2cc*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.622] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.622] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.622] VirtualQuery (in: lpAddress=0x29d428, lpBuffer=0x29e428, dwLength=0x1c | out: lpBuffer=0x29e428*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.623] VirtualQuery (in: lpAddress=0x29d464, lpBuffer=0x29e464, dwLength=0x1c | out: lpBuffer=0x29e464*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.623] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x19195cf9, Data2=0xb211, Data3=0x45a8, Data4=([0]=0x83, [1]=0xe1, [2]=0x81, [3]=0xf7, [4]=0x9f, [5]=0x88, [6]=0x81, [7]=0xd))) returned 0x0 [0047.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.623] GetLastError () returned 0x0 [0047.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.623] GetLastError () returned 0x0 [0047.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.623] GetLastError () returned 0x0 [0047.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.623] GetLastError () returned 0x0 [0047.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.623] GetLastError () returned 0x0 [0047.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.623] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.624] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.625] GetLastError () returned 0x0 [0047.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.626] GetLastError () returned 0x0 [0047.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.626] GetLastError () returned 0x0 [0047.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.626] GetLastError () returned 0x0 [0047.626] VirtualQuery (in: lpAddress=0x29d124, lpBuffer=0x29e124, dwLength=0x1c | out: lpBuffer=0x29e124*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.626] VirtualQuery (in: lpAddress=0x29d160, lpBuffer=0x29e160, dwLength=0x1c | out: lpBuffer=0x29e160*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.627] GetLastError () returned 0x0 [0047.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.627] GetLastError () returned 0x0 [0047.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.627] GetLastError () returned 0x0 [0047.627] VirtualQuery (in: lpAddress=0x29d22c, lpBuffer=0x29e22c, dwLength=0x1c | out: lpBuffer=0x29e22c*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.627] GetLastError () returned 0x0 [0047.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.627] GetLastError () returned 0x0 [0047.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dec4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.627] GetLastError () returned 0x0 [0047.627] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x4a4196cd, Data2=0x5a86, Data3=0x4ae1, Data4=([0]=0x98, [1]=0xc7, [2]=0x24, [3]=0x13, [4]=0x3, [5]=0xea, [6]=0x24, [7]=0x90))) returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.628] GetLastError () returned 0x0 [0047.629] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x4748bdda, Data2=0x542c, Data3=0x4ac1, Data4=([0]=0x98, [1]=0x36, [2]=0xe5, [3]=0xe7, [4]=0xb8, [5]=0x9b, [6]=0x3e, [7]=0xfa))) returned 0x0 [0047.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.629] GetLastError () returned 0x0 [0047.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.629] GetLastError () returned 0x0 [0047.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.629] GetLastError () returned 0x0 [0047.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.629] GetLastError () returned 0x0 [0047.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.629] GetLastError () returned 0x0 [0047.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.629] GetLastError () returned 0x0 [0047.630] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x47ef32eb, Data2=0x4fbc, Data3=0x42fc, Data4=([0]=0x89, [1]=0x39, [2]=0x6d, [3]=0x78, [4]=0x4a, [5]=0x61, [6]=0xf9, [7]=0x5c))) returned 0x0 [0047.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.630] GetLastError () returned 0x0 [0047.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.630] GetLastError () returned 0x0 [0047.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.630] GetLastError () returned 0x0 [0047.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.630] GetLastError () returned 0x0 [0047.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.630] GetLastError () returned 0x0 [0047.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.630] GetLastError () returned 0x0 [0047.630] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf017e578, Data2=0x4100, Data3=0x4768, Data4=([0]=0x87, [1]=0x56, [2]=0x35, [3]=0xcb, [4]=0xfb, [5]=0x3a, [6]=0x8e, [7]=0xdb))) returned 0x0 [0047.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.631] GetLastError () returned 0x0 [0047.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.631] GetLastError () returned 0x0 [0047.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.631] GetLastError () returned 0x0 [0047.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.631] GetLastError () returned 0x0 [0047.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.631] GetLastError () returned 0x0 [0047.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.631] GetLastError () returned 0x0 [0047.631] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x222a7d3a, Data2=0x966a, Data3=0x45f7, Data4=([0]=0xb0, [1]=0x73, [2]=0xe3, [3]=0xb, [4]=0xbe, [5]=0xd4, [6]=0x8a, [7]=0x21))) returned 0x0 [0047.632] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x3dda7675, Data2=0x715, Data3=0x4cdc, Data4=([0]=0x82, [1]=0x80, [2]=0x4f, [3]=0xec, [4]=0x55, [5]=0x6f, [6]=0x7a, [7]=0xf1))) returned 0x0 [0047.632] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf124b258, Data2=0x9386, Data3=0x4af7, Data4=([0]=0xaa, [1]=0x92, [2]=0x69, [3]=0x45, [4]=0x0, [5]=0xc0, [6]=0x74, [7]=0x3))) returned 0x0 [0047.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.632] GetLastError () returned 0x0 [0047.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.632] GetLastError () returned 0x0 [0047.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.632] GetLastError () returned 0x0 [0047.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.632] GetLastError () returned 0x0 [0047.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.632] GetLastError () returned 0x0 [0047.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e030, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.632] GetLastError () returned 0x0 [0047.632] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x28900eb5, Data2=0xb087, Data3=0x41cc, Data4=([0]=0xbe, [1]=0xe6, [2]=0xcb, [3]=0xbb, [4]=0xb8, [5]=0xdc, [6]=0xd3, [7]=0xce))) returned 0x0 [0047.633] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.633] GetLastError () returned 0x0 [0047.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.633] GetLastError () returned 0x0 [0047.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.633] GetLastError () returned 0x0 [0047.633] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.634] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.634] GetLastError () returned 0x0 [0047.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.634] GetLastError () returned 0x0 [0047.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.634] GetLastError () returned 0x0 [0047.634] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.634] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.634] GetLastError () returned 0x0 [0047.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.634] GetLastError () returned 0x0 [0047.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29da28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.634] GetLastError () returned 0x0 [0047.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dc10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.635] GetLastError () returned 0x0 [0047.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.635] GetLastError () returned 0x0 [0047.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dbc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.635] GetLastError () returned 0x0 [0047.635] VirtualQuery (in: lpAddress=0x29d084, lpBuffer=0x29e084, dwLength=0x1c | out: lpBuffer=0x29e084*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.635] VirtualQuery (in: lpAddress=0x29d0c0, lpBuffer=0x29e0c0, dwLength=0x1c | out: lpBuffer=0x29e0c0*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0047.638] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x271ab8d7, Data2=0x341c, Data3=0x4ccc, Data4=([0]=0xbb, [1]=0xf, [2]=0x21, [3]=0x22, [4]=0x56, [5]=0xe7, [6]=0x68, [7]=0xbd))) returned 0x0 [0047.642] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x273fb1ac, Data2=0x500e, Data3=0x434c, Data4=([0]=0xaa, [1]=0xc8, [2]=0xf5, [3]=0x2d, [4]=0x1d, [5]=0x1, [6]=0x37, [7]=0x51))) returned 0x0 [0047.644] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x8d56a0d2, Data2=0x553c, Data3=0x45e5, Data4=([0]=0xb3, [1]=0x6a, [2]=0xd9, [3]=0x84, [4]=0x1d, [5]=0xf4, [6]=0x24, [7]=0xbf))) returned 0x0 [0047.644] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf39af2a7, Data2=0x345a, Data3=0x4cde, Data4=([0]=0x92, [1]=0x98, [2]=0xad, [3]=0x99, [4]=0x64, [5]=0xe1, [6]=0xcb, [7]=0x8))) returned 0x0 [0047.645] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xab339a6, Data2=0xc2b4, Data3=0x4242, Data4=([0]=0x91, [1]=0xf4, [2]=0xb, [3]=0xc1, [4]=0x94, [5]=0x59, [6]=0x57, [7]=0xae))) returned 0x0 [0047.645] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xc8337524, Data2=0x5b7b, Data3=0x4605, Data4=([0]=0x93, [1]=0x59, [2]=0x99, [3]=0x10, [4]=0x12, [5]=0x43, [6]=0xb5, [7]=0xf7))) returned 0x0 [0047.646] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x18e701e1, Data2=0x5781, Data3=0x435b, Data4=([0]=0xa4, [1]=0xac, [2]=0x4e, [3]=0x58, [4]=0x5a, [5]=0xf5, [6]=0x62, [7]=0x55))) returned 0x0 [0047.646] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd6393b68, Data2=0x32db, Data3=0x4c91, Data4=([0]=0x8a, [1]=0xa4, [2]=0xd, [3]=0x27, [4]=0x44, [5]=0x4d, [6]=0x85, [7]=0x2f))) returned 0x0 [0047.646] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x5594f0fd, Data2=0x18e9, Data3=0x4250, Data4=([0]=0xa0, [1]=0xb, [2]=0x59, [3]=0xbd, [4]=0x49, [5]=0x50, [6]=0xdb, [7]=0xfb))) returned 0x0 [0047.646] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x1c09d820, Data2=0xb499, Data3=0x40bd, Data4=([0]=0x8e, [1]=0x72, [2]=0x83, [3]=0xda, [4]=0x4c, [5]=0x7e, [6]=0x79, [7]=0x3e))) returned 0x0 [0047.647] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.647] GetLastError () returned 0x0 [0047.647] GetFileType (hFile=0x328) returned 0x1 [0047.647] SetErrorMode (uMode=0x1) returned 0x1 [0047.647] GetFileType (hFile=0x328) returned 0x1 [0047.647] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.649] GetLastError () returned 0x0 [0047.650] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.650] GetLastError () returned 0x0 [0047.650] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.651] GetLastError () returned 0x0 [0047.651] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.651] GetLastError () returned 0x0 [0047.651] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.651] GetLastError () returned 0x0 [0047.652] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.652] GetLastError () returned 0x0 [0047.652] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.652] GetLastError () returned 0x0 [0047.652] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.652] GetLastError () returned 0x0 [0047.652] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.652] GetLastError () returned 0x0 [0047.654] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.654] GetLastError () returned 0x0 [0047.654] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.654] GetLastError () returned 0x0 [0047.654] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.654] GetLastError () returned 0x0 [0047.654] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.654] GetLastError () returned 0x0 [0047.655] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.655] GetLastError () returned 0x0 [0047.655] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.655] GetLastError () returned 0x0 [0047.655] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.655] GetLastError () returned 0x0 [0047.655] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.655] GetLastError () returned 0x0 [0047.657] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.658] GetLastError () returned 0x0 [0047.658] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.658] GetLastError () returned 0x0 [0047.658] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.658] GetLastError () returned 0x0 [0047.658] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.658] GetLastError () returned 0x0 [0047.658] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0xe67, lpOverlapped=0x0) returned 1 [0047.658] GetLastError () returned 0x0 [0047.659] ReadFile (in: hFile=0x328, lpBuffer=0x34acd07, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34acd07*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.659] GetLastError () returned 0x0 [0047.659] ReadFile (in: hFile=0x328, lpBuffer=0x34ad700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x34ad700*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.659] GetLastError () returned 0x0 [0047.660] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.660] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.660] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.660] RegCloseKey (hKey=0x328) returned 0x0 [0047.664] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x474bb477, Data2=0xfb38, Data3=0x4baa, Data4=([0]=0xab, [1]=0x5e, [2]=0x7a, [3]=0x71, [4]=0x92, [5]=0xbe, [6]=0x6, [7]=0x7d))) returned 0x0 [0047.664] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xddeb945, Data2=0x327b, Data3=0x4d68, Data4=([0]=0xb6, [1]=0x90, [2]=0x82, [3]=0x47, [4]=0x5e, [5]=0x6e, [6]=0x41, [7]=0x62))) returned 0x0 [0047.664] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf621a5d4, Data2=0x7b0a, Data3=0x4108, Data4=([0]=0xbd, [1]=0x63, [2]=0xd2, [3]=0x4e, [4]=0x26, [5]=0x9f, [6]=0x10, [7]=0xc6))) returned 0x0 [0047.664] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x84a00419, Data2=0x9303, Data3=0x4c55, Data4=([0]=0x9f, [1]=0xa8, [2]=0x66, [3]=0x11, [4]=0xf7, [5]=0x5a, [6]=0x47, [7]=0xee))) returned 0x0 [0047.665] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x3266540a, Data2=0x932e, Data3=0x4345, Data4=([0]=0xb9, [1]=0x78, [2]=0xe4, [3]=0x7a, [4]=0xa0, [5]=0x72, [6]=0x13, [7]=0x3a))) returned 0x0 [0047.665] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf08007bc, Data2=0x5770, Data3=0x46a8, Data4=([0]=0x96, [1]=0x2b, [2]=0x65, [3]=0xa4, [4]=0x94, [5]=0x9c, [6]=0xe3, [7]=0xfb))) returned 0x0 [0047.665] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x51726d9a, Data2=0x61c8, Data3=0x4dbc, Data4=([0]=0xbc, [1]=0x6b, [2]=0xd3, [3]=0xa, [4]=0xfb, [5]=0xa3, [6]=0x5, [7]=0x45))) returned 0x0 [0047.665] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x6d809309, Data2=0x2cb9, Data3=0x4020, Data4=([0]=0xa3, [1]=0x87, [2]=0x86, [3]=0xf9, [4]=0x80, [5]=0x2e, [6]=0x97, [7]=0xfd))) returned 0x0 [0047.665] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x273fdb40, Data2=0x2e8, Data3=0x4d1d, Data4=([0]=0xac, [1]=0xeb, [2]=0x90, [3]=0xc, [4]=0x8d, [5]=0xe7, [6]=0xcd, [7]=0x1c))) returned 0x0 [0047.665] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xcdce4c52, Data2=0xeaa0, Data3=0x413a, Data4=([0]=0xb7, [1]=0x3d, [2]=0x5, [3]=0xb1, [4]=0xba, [5]=0x89, [6]=0xbf, [7]=0xb4))) returned 0x0 [0047.665] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x25e823ce, Data2=0x81f3, Data3=0x4cca, Data4=([0]=0xa6, [1]=0x8, [2]=0xe0, [3]=0xbf, [4]=0x78, [5]=0x7f, [6]=0x11, [7]=0x8b))) returned 0x0 [0047.666] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xb1eb61f8, Data2=0x7a8e, Data3=0x40e4, Data4=([0]=0x87, [1]=0xa9, [2]=0x39, [3]=0xc8, [4]=0xa3, [5]=0x4b, [6]=0xd4, [7]=0x2))) returned 0x0 [0047.666] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xc7d04a7f, Data2=0x641b, Data3=0x4211, Data4=([0]=0x8c, [1]=0x88, [2]=0x85, [3]=0xb3, [4]=0x66, [5]=0x8b, [6]=0x71, [7]=0x77))) returned 0x0 [0047.666] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xcece80ff, Data2=0xe897, Data3=0x4f67, Data4=([0]=0xb9, [1]=0x4, [2]=0xb8, [3]=0xf3, [4]=0x49, [5]=0x67, [6]=0xc1, [7]=0x3e))) returned 0x0 [0047.666] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xafea7d43, Data2=0x408f, Data3=0x45fe, Data4=([0]=0xa7, [1]=0xfc, [2]=0x32, [3]=0x95, [4]=0x8d, [5]=0xf7, [6]=0x2d, [7]=0x5e))) returned 0x0 [0047.666] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x466b5c99, Data2=0x9052, Data3=0x4d97, Data4=([0]=0xbe, [1]=0x9e, [2]=0x83, [3]=0x95, [4]=0xf7, [5]=0xd2, [6]=0x43, [7]=0x6c))) returned 0x0 [0047.666] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xa3b02bed, Data2=0x2927, Data3=0x45ba, Data4=([0]=0x8e, [1]=0xe7, [2]=0x4, [3]=0xb3, [4]=0xf0, [5]=0x59, [6]=0x13, [7]=0x58))) returned 0x0 [0047.666] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x831ffc6e, Data2=0xb42e, Data3=0x4ae8, Data4=([0]=0xab, [1]=0x1b, [2]=0xa0, [3]=0xc2, [4]=0x96, [5]=0x65, [6]=0xad, [7]=0x70))) returned 0x0 [0047.667] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x277d6b7e, Data2=0x4206, Data3=0x4f91, Data4=([0]=0xb9, [1]=0x29, [2]=0xe4, [3]=0xd, [4]=0x4a, [5]=0xae, [6]=0x12, [7]=0x79))) returned 0x0 [0047.667] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xa670ba1, Data2=0x7add, Data3=0x4aba, Data4=([0]=0xb4, [1]=0xda, [2]=0x9a, [3]=0x16, [4]=0x11, [5]=0xf2, [6]=0xf7, [7]=0x34))) returned 0x0 [0047.667] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x2fad3525, Data2=0xbe8b, Data3=0x4eeb, Data4=([0]=0xb9, [1]=0x6b, [2]=0x5b, [3]=0x7e, [4]=0x91, [5]=0x2d, [6]=0xd8, [7]=0xa8))) returned 0x0 [0047.667] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x412c21fb, Data2=0x16b9, Data3=0x4e8b, Data4=([0]=0x9f, [1]=0xb, [2]=0x81, [3]=0x2b, [4]=0xc4, [5]=0xf1, [6]=0x63, [7]=0x83))) returned 0x0 [0047.668] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xc447929f, Data2=0xa64a, Data3=0x4087, Data4=([0]=0x90, [1]=0x93, [2]=0x3a, [3]=0xfe, [4]=0x89, [5]=0xe, [6]=0x9e, [7]=0xed))) returned 0x0 [0047.668] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xab1ef9f3, Data2=0xdca4, Data3=0x4c39, Data4=([0]=0x8e, [1]=0xde, [2]=0xc4, [3]=0xeb, [4]=0x42, [5]=0x48, [6]=0x9f, [7]=0x5))) returned 0x0 [0047.668] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x9eafd174, Data2=0xaa4a, Data3=0x4005, Data4=([0]=0xbe, [1]=0xce, [2]=0x98, [3]=0x2, [4]=0xda, [5]=0xe6, [6]=0xd8, [7]=0x51))) returned 0x0 [0047.668] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xfbbf1509, Data2=0x1f29, Data3=0x4271, Data4=([0]=0x9d, [1]=0x76, [2]=0xde, [3]=0x8a, [4]=0x8e, [5]=0x57, [6]=0x7, [7]=0x32))) returned 0x0 [0047.669] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xa30ec6e6, Data2=0x5690, Data3=0x4046, Data4=([0]=0xa1, [1]=0x23, [2]=0xee, [3]=0x9e, [4]=0x3e, [5]=0xf3, [6]=0x1f, [7]=0x4b))) returned 0x0 [0047.669] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x62776c82, Data2=0xa353, Data3=0x4abc, Data4=([0]=0x80, [1]=0x4c, [2]=0xae, [3]=0xc8, [4]=0xd9, [5]=0xfc, [6]=0x7, [7]=0xd))) returned 0x0 [0047.669] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xa264d4cd, Data2=0xaadf, Data3=0x4ca8, Data4=([0]=0x91, [1]=0x9b, [2]=0xf9, [3]=0x9c, [4]=0x30, [5]=0x8, [6]=0xef, [7]=0xcc))) returned 0x0 [0047.669] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xc56dfca6, Data2=0x531c, Data3=0x4818, Data4=([0]=0xaf, [1]=0xb9, [2]=0x4b, [3]=0x25, [4]=0xe4, [5]=0x1a, [6]=0xe2, [7]=0x8f))) returned 0x0 [0047.669] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x6e9caefe, Data2=0x43dd, Data3=0x43ec, Data4=([0]=0xb6, [1]=0xce, [2]=0xcf, [3]=0x22, [4]=0xfa, [5]=0x77, [6]=0xe4, [7]=0x13))) returned 0x0 [0047.669] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x6c9c64e2, Data2=0xb8a5, Data3=0x4136, Data4=([0]=0xbf, [1]=0x53, [2]=0x37, [3]=0x8e, [4]=0x9b, [5]=0x19, [6]=0x9b, [7]=0x56))) returned 0x0 [0047.669] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x982de213, Data2=0x15fe, Data3=0x49df, Data4=([0]=0xa9, [1]=0xa7, [2]=0xac, [3]=0xa7, [4]=0x2, [5]=0x3b, [6]=0x54, [7]=0x61))) returned 0x0 [0047.672] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xbd0039e4, Data2=0x5376, Data3=0x46ec, Data4=([0]=0xa1, [1]=0x36, [2]=0x9f, [3]=0x7a, [4]=0xfb, [5]=0x34, [6]=0x9a, [7]=0x9a))) returned 0x0 [0047.672] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x60a88e4d, Data2=0xab4a, Data3=0x454c, Data4=([0]=0xba, [1]=0xdd, [2]=0x24, [3]=0x4c, [4]=0x83, [5]=0x95, [6]=0x1c, [7]=0x94))) returned 0x0 [0047.672] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x792e6471, Data2=0xf39c, Data3=0x4bb7, Data4=([0]=0xa7, [1]=0xe3, [2]=0x8d, [3]=0x72, [4]=0x4e, [5]=0xe7, [6]=0xc7, [7]=0x25))) returned 0x0 [0047.673] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd64ca117, Data2=0x4a90, Data3=0x4b2e, Data4=([0]=0xb6, [1]=0xbc, [2]=0xea, [3]=0x16, [4]=0x62, [5]=0xc5, [6]=0x68, [7]=0x30))) returned 0x0 [0047.673] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x560de314, Data2=0xf551, Data3=0x45a9, Data4=([0]=0xbd, [1]=0xac, [2]=0xeb, [3]=0x93, [4]=0x82, [5]=0x44, [6]=0x16, [7]=0x89))) returned 0x0 [0047.673] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x5f7bc28d, Data2=0xab4, Data3=0x4963, Data4=([0]=0xa8, [1]=0x47, [2]=0x78, [3]=0x2a, [4]=0x98, [5]=0x13, [6]=0x80, [7]=0xa1))) returned 0x0 [0047.673] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x30d15f98, Data2=0x48c3, Data3=0x4f90, Data4=([0]=0x89, [1]=0x53, [2]=0xd7, [3]=0x24, [4]=0x2b, [5]=0x7e, [6]=0xe8, [7]=0xee))) returned 0x0 [0047.673] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x2c06d14b, Data2=0xd6b5, Data3=0x489b, Data4=([0]=0xbe, [1]=0xe, [2]=0xec, [3]=0x5d, [4]=0x5, [5]=0xb6, [6]=0xff, [7]=0xa8))) returned 0x0 [0047.674] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xf04821b0, Data2=0x945f, Data3=0x4949, Data4=([0]=0x88, [1]=0x41, [2]=0xb8, [3]=0xb4, [4]=0x3, [5]=0xf4, [6]=0xbb, [7]=0x49))) returned 0x0 [0047.674] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x997572e8, Data2=0x89c6, Data3=0x4630, Data4=([0]=0xba, [1]=0x6b, [2]=0xe7, [3]=0x8, [4]=0x67, [5]=0xda, [6]=0x4a, [7]=0x42))) returned 0x0 [0047.674] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xcfeb0212, Data2=0x42b5, Data3=0x4a3d, Data4=([0]=0xbb, [1]=0x9d, [2]=0x6c, [3]=0x26, [4]=0xef, [5]=0x6b, [6]=0x72, [7]=0xcb))) returned 0x0 [0047.674] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd2e46408, Data2=0x8463, Data3=0x46d9, Data4=([0]=0xad, [1]=0xb5, [2]=0xd3, [3]=0x12, [4]=0x7, [5]=0xf7, [6]=0xa2, [7]=0x9d))) returned 0x0 [0047.674] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xd03cca2e, Data2=0x6a40, Data3=0x4e21, Data4=([0]=0xb0, [1]=0x6c, [2]=0xa6, [3]=0x4, [4]=0xc1, [5]=0x1c, [6]=0xef, [7]=0x1))) returned 0x0 [0047.674] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xc991c3d, Data2=0x923b, Data3=0x439a, Data4=([0]=0x8b, [1]=0xb8, [2]=0x19, [3]=0x47, [4]=0x86, [5]=0x6e, [6]=0xfc, [7]=0xc9))) returned 0x0 [0047.675] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xe64f1e9f, Data2=0x9dc4, Data3=0x4cb6, Data4=([0]=0xa5, [1]=0x24, [2]=0x6, [3]=0x4f, [4]=0xd0, [5]=0x3c, [6]=0xe, [7]=0x5c))) returned 0x0 [0047.675] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.675] GetLastError () returned 0x0 [0047.675] GetFileType (hFile=0x328) returned 0x1 [0047.675] SetErrorMode (uMode=0x1) returned 0x1 [0047.675] GetFileType (hFile=0x328) returned 0x1 [0047.676] ReadFile (in: hFile=0x328, lpBuffer=0x359e0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x359e0d8*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.677] GetLastError () returned 0x0 [0047.678] ReadFile (in: hFile=0x328, lpBuffer=0x359e0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x359e0d8*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.678] GetLastError () returned 0x0 [0047.679] ReadFile (in: hFile=0x328, lpBuffer=0x359e0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x359e0d8*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.679] GetLastError () returned 0x0 [0047.679] ReadFile (in: hFile=0x328, lpBuffer=0x359e0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x359e0d8*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.679] GetLastError () returned 0x0 [0047.679] ReadFile (in: hFile=0x328, lpBuffer=0x359e0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x359e0d8*, lpNumberOfBytesRead=0x29e7e4*=0x8b4, lpOverlapped=0x0) returned 1 [0047.679] GetLastError () returned 0x0 [0047.680] ReadFile (in: hFile=0x328, lpBuffer=0x359d52c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x359d52c*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.680] GetLastError () returned 0x0 [0047.680] ReadFile (in: hFile=0x328, lpBuffer=0x359e0d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x359e0d8*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.680] GetLastError () returned 0x0 [0047.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.680] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.680] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.680] RegCloseKey (hKey=0x328) returned 0x0 [0047.681] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0xfffd6d3a, Data2=0xfaeb, Data3=0x4539, Data4=([0]=0xb9, [1]=0x44, [2]=0x3d, [3]=0x8f, [4]=0xce, [5]=0x70, [6]=0x28, [7]=0x8e))) returned 0x0 [0047.681] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x21316065, Data2=0xe683, Data3=0x4cfc, Data4=([0]=0x93, [1]=0x70, [2]=0xaa, [3]=0xda, [4]=0x95, [5]=0xc3, [6]=0xf8, [7]=0x97))) returned 0x0 [0047.682] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0047.682] GetLastError () returned 0x0 [0047.682] GetFileType (hFile=0x328) returned 0x1 [0047.682] SetErrorMode (uMode=0x1) returned 0x1 [0047.682] GetFileType (hFile=0x328) returned 0x1 [0047.682] ReadFile (in: hFile=0x328, lpBuffer=0x35d4fe4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x35d4fe4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.684] GetLastError () returned 0x0 [0047.684] ReadFile (in: hFile=0x328, lpBuffer=0x35d4fe4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x35d4fe4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.685] GetLastError () returned 0x0 [0047.685] ReadFile (in: hFile=0x328, lpBuffer=0x35d4fe4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x35d4fe4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.685] GetLastError () returned 0x0 [0047.685] ReadFile (in: hFile=0x328, lpBuffer=0x35d4fe4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x35d4fe4*, lpNumberOfBytesRead=0x29e7e4*=0x1000, lpOverlapped=0x0) returned 1 [0047.685] GetLastError () returned 0x0 [0047.686] ReadFile (in: hFile=0x328, lpBuffer=0x35d4fe4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x35d4fe4*, lpNumberOfBytesRead=0x29e7e4*=0xe98, lpOverlapped=0x0) returned 1 [0047.686] GetLastError () returned 0x0 [0047.686] ReadFile (in: hFile=0x328, lpBuffer=0x35d461c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x35d461c*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.686] GetLastError () returned 0x0 [0047.686] ReadFile (in: hFile=0x328, lpBuffer=0x35d4fe4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x29e7e4, lpOverlapped=0x0 | out: lpBuffer=0x35d4fe4*, lpNumberOfBytesRead=0x29e7e4*=0x0, lpOverlapped=0x0) returned 1 [0047.686] GetLastError () returned 0x0 [0047.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e768 | out: phkResult=0x29e768*=0x328) returned 0x0 [0047.687] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x0, lpcbData=0x29e7ac*=0x0 | out: lpType=0x29e7b0*=0x1, lpData=0x0, lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.687] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29e7b0, lpData=0x367700, lpcbData=0x29e7ac*=0x56 | out: lpType=0x29e7b0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29e7ac*=0x56) returned 0x0 [0047.687] RegCloseKey (hKey=0x328) returned 0x0 [0047.688] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x8156108e, Data2=0x5c1b, Data3=0x499f, Data4=([0]=0x9d, [1]=0xf7, [2]=0x84, [3]=0xb0, [4]=0xf1, [5]=0x1e, [6]=0x33, [7]=0x39))) returned 0x0 [0047.688] CoCreateGuid (in: pguid=0x29e7d8 | out: pguid=0x29e7d8*(Data1=0x3fd4c413, Data2=0xeeb, Data3=0x4f1d, Data4=([0]=0xa3, [1]=0xea, [2]=0xab, [3]=0xbf, [4]=0x1, [5]=0xa, [6]=0x8f, [7]=0xaf))) returned 0x0 [0047.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0047.701] GetLastError () returned 0x57 [0047.701] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0047.701] GetLastError () returned 0x57 [0047.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0047.716] GetLastError () returned 0x57 [0047.716] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0047.716] GetLastError () returned 0x57 [0047.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.718] GetLastError () returned 0x57 [0047.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.719] GetLastError () returned 0x57 [0047.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0047.721] GetLastError () returned 0x57 [0047.721] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0047.722] GetLastError () returned 0x57 [0047.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0047.724] GetLastError () returned 0x57 [0047.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0047.724] GetLastError () returned 0x57 [0047.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0047.726] GetLastError () returned 0x57 [0047.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0047.726] GetLastError () returned 0x57 [0047.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0047.727] GetLastError () returned 0x57 [0047.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0047.728] GetLastError () returned 0x57 [0047.745] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.745] GetLastError () returned 0xcb [0047.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.746] GetLastError () returned 0xcb [0047.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.749] GetLastError () returned 0xcb [0047.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.749] GetLastError () returned 0xcb [0047.751] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.751] GetLastError () returned 0xcb [0047.753] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e85c | out: phkResult=0x29e85c*=0x328) returned 0x0 [0047.755] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e8ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e8b0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e8ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e8b0*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.756] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x367700, lpcchValueName=0x29e8d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x29e8d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0047.757] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x367700, lpcchValueName=0x29e8d4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x29e8d4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0047.757] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e8b4, lpData=0x0, lpcbData=0x29e8b0*=0x0 | out: lpType=0x29e8b4*=0x1, lpData=0x0, lpcbData=0x29e8b0*=0x8) returned 0x0 [0047.757] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e8b4, lpData=0x367700, lpcbData=0x29e8b0*=0x8 | out: lpType=0x29e8b4*=0x1, lpData="2.0", lpcbData=0x29e8b0*=0x8) returned 0x0 [0047.793] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e818 | out: phkResult=0x29e818*=0x32c) returned 0x0 [0047.793] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e868, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e86c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e868*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e86c*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.793] RegEnumValueW (in: hKey=0x32c, dwIndex=0x0, lpValueName=0x367700, lpcchValueName=0x29e890, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x29e890, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0047.794] RegEnumValueW (in: hKey=0x32c, dwIndex=0x1, lpValueName=0x367700, lpcchValueName=0x29e890, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x29e890, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0047.794] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e870, lpData=0x0, lpcbData=0x29e86c*=0x0 | out: lpType=0x29e870*=0x1, lpData=0x0, lpcbData=0x29e86c*=0x8) returned 0x0 [0047.794] RegQueryValueExW (in: hKey=0x32c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x29e870, lpData=0x367700, lpcbData=0x29e86c*=0x8 | out: lpType=0x29e870*=0x1, lpData="2.0", lpcbData=0x29e86c*=0x8) returned 0x0 [0047.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.795] GetLastError () returned 0xcb [0047.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.798] GetLastError () returned 0xcb [0047.815] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7d8 | out: phkResult=0x29e7d8*=0x330) returned 0x0 [0047.816] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e840, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e83c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e840*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e83c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.817] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.817] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.817] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.817] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.817] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.817] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.818] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.818] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.818] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x367700, lpcchName=0x29e85c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e85c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.818] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x34c) returned 0x0 [0047.818] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.819] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x35c) returned 0x0 [0047.819] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.819] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x364) returned 0x0 [0047.819] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.819] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x368) returned 0x0 [0047.819] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.820] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x36c) returned 0x0 [0047.820] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.820] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x370) returned 0x0 [0047.820] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.820] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x374) returned 0x0 [0047.821] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.821] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x378) returned 0x0 [0047.821] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x0) returned 0x2 [0047.821] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x37c) returned 0x0 [0047.821] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e808 | out: phkResult=0x29e808*=0x380) returned 0x0 [0047.821] RegCloseKey (hKey=0x380) returned 0x0 [0047.822] RegCloseKey (hKey=0x330) returned 0x0 [0047.822] RegCloseKey (hKey=0x37c) returned 0x0 [0047.840] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0047.843] GetLastError () returned 0x3 [0047.844] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0047.888] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7bc | out: phkResult=0x29e7bc*=0x330) returned 0x0 [0047.889] RegQueryInfoKeyW (in: hKey=0x330, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e824, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e820, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e824*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e820*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.889] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x0, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.889] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x1, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.889] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x2, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.889] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x3, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.889] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x4, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.889] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x5, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.890] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x6, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.890] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x7, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.890] RegEnumKeyExW (in: hKey=0x330, dwIndex=0x8, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.890] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x380) returned 0x0 [0047.890] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.891] RegOpenKeyExW (in: hKey=0x330, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x384) returned 0x0 [0047.891] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.891] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x388) returned 0x0 [0047.891] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.891] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x38c) returned 0x0 [0047.891] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.892] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x390) returned 0x0 [0047.892] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.892] RegOpenKeyExW (in: hKey=0x330, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x394) returned 0x0 [0047.892] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.892] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x398) returned 0x0 [0047.892] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.893] RegOpenKeyExW (in: hKey=0x330, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x39c) returned 0x0 [0047.893] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.893] RegOpenKeyExW (in: hKey=0x330, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3a0) returned 0x0 [0047.893] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3a4) returned 0x0 [0047.893] RegCloseKey (hKey=0x3a4) returned 0x0 [0047.893] RegCloseKey (hKey=0x330) returned 0x0 [0047.893] RegCloseKey (hKey=0x3a0) returned 0x0 [0047.893] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7bc | out: phkResult=0x29e7bc*=0x3a0) returned 0x0 [0047.894] RegQueryInfoKeyW (in: hKey=0x3a0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e824, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e820, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e824*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e820*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.894] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x0, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.894] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x1, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.894] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x2, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.894] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x3, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.894] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x4, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.894] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x5, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.895] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x6, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.895] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x7, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.895] RegEnumKeyExW (in: hKey=0x3a0, dwIndex=0x8, lpName=0x367700, lpcchName=0x29e840, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e840, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.895] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x330) returned 0x0 [0047.895] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.895] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3a4) returned 0x0 [0047.896] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.896] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3a8) returned 0x0 [0047.896] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.896] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3ac) returned 0x0 [0047.896] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.896] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3b0) returned 0x0 [0047.897] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.897] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3b4) returned 0x0 [0047.897] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.897] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3b8) returned 0x0 [0047.897] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.897] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3bc) returned 0x0 [0047.898] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x0) returned 0x2 [0047.898] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3c0) returned 0x0 [0047.898] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7ec | out: phkResult=0x29e7ec*=0x3c4) returned 0x0 [0047.898] RegCloseKey (hKey=0x3c4) returned 0x0 [0047.898] RegCloseKey (hKey=0x3a0) returned 0x0 [0047.899] RegCloseKey (hKey=0x3c0) returned 0x0 [0047.899] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7b0 | out: phkResult=0x29e7b0*=0x3c0) returned 0x0 [0047.899] RegQueryInfoKeyW (in: hKey=0x3c0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x29e818, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e814, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x29e818*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x29e814*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.899] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x0, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.899] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x1, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.899] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x2, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.900] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x3, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.900] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x4, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.900] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x5, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.900] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x6, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.900] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x7, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.900] RegEnumKeyExW (in: hKey=0x3c0, dwIndex=0x8, lpName=0x367700, lpcchName=0x29e834, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x29e834, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0047.900] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3a0) returned 0x0 [0047.901] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.901] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3c4) returned 0x0 [0047.901] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.901] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3c8) returned 0x0 [0047.901] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.901] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3cc) returned 0x0 [0047.902] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.902] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3d0) returned 0x0 [0047.917] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.917] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3d4) returned 0x0 [0047.917] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.917] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3d8) returned 0x0 [0047.918] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.918] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3dc) returned 0x0 [0047.918] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x0) returned 0x2 [0047.918] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3e0) returned 0x0 [0047.918] RegOpenKeyExW (in: hKey=0x3e0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e7e0 | out: phkResult=0x29e7e0*=0x3e4) returned 0x0 [0047.918] RegCloseKey (hKey=0x3e4) returned 0x0 [0047.919] RegCloseKey (hKey=0x3c0) returned 0x0 [0047.919] RegCloseKey (hKey=0x3e0) returned 0x0 [0047.933] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4ed0004 [0047.937] GetLastError () returned 0x0 [0047.939] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x366ddf4*="WSMan", lpRawData=0x366dc9c) returned 1 [0047.945] GetLastError () returned 0x0 [0047.947] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.947] GetLastError () returned 0xcb [0047.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e354, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.948] GetLastError () returned 0xcb [0047.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.948] GetLastError () returned 0xcb [0047.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.948] GetLastError () returned 0xcb [0047.949] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0047.950] GetLastError () returned 0xcb [0047.950] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0047.950] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3671cd0*="Alias", lpRawData=0x3671b8c) returned 1 [0047.951] GetLastError () returned 0x0 [0047.952] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.952] GetLastError () returned 0xcb [0047.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e354, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.952] GetLastError () returned 0xcb [0047.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.952] GetLastError () returned 0xcb [0047.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.953] GetLastError () returned 0xcb [0047.953] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0047.953] GetLastError () returned 0xcb [0047.953] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0047.953] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3675c64*="Environment", lpRawData=0x3675b20) returned 1 [0047.954] GetLastError () returned 0x0 [0047.955] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.955] GetLastError () returned 0xcb [0047.955] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0047.955] GetLastError () returned 0xcb [0047.955] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0047.955] GetLastError () returned 0xcb [0047.956] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e484, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0047.956] GetLastError () returned 0xcb [0047.956] SetErrorMode (uMode=0x1) returned 0x1 [0047.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x29e904 | out: lpFileInformation=0x29e904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0047.956] GetLastError () returned 0xcb [0047.956] SetErrorMode (uMode=0x1) returned 0x1 [0047.959] GetLogicalDrives () returned 0x4 [0047.959] GetLastError () returned 0xcb [0047.961] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29e3a8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.961] GetLastError () returned 0xcb [0047.962] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0047.962] GetLastError () returned 0xcb [0047.962] SetErrorMode (uMode=0x1) returned 0x1 [0047.963] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x367800, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x29e8d0, lpMaximumComponentLength=0x29e8cc, lpFileSystemFlags=0x29e8c8, lpFileSystemNameBuffer=0x367700, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x29e8d0*=0x9c354b42, lpMaximumComponentLength=0x29e8cc*=0xff, lpFileSystemFlags=0x29e8c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0047.964] GetLastError () returned 0xcb [0047.964] SetErrorMode (uMode=0x1) returned 0x1 [0047.964] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0047.964] GetLastError () returned 0xcb [0047.964] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e430, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.964] GetLastError () returned 0xcb [0047.964] SetErrorMode (uMode=0x1) returned 0x1 [0047.964] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3676e9c | out: lpFileInformation=0x3676e9c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0047.964] GetLastError () returned 0xcb [0047.964] SetErrorMode (uMode=0x1) returned 0x1 [0047.964] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e430, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.964] GetLastError () returned 0xcb [0047.964] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29e3bc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.965] GetLastError () returned 0xcb [0047.965] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0047.965] GetLastError () returned 0xcb [0047.967] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29e378, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.967] GetLastError () returned 0xcb [0047.967] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0047.967] GetLastError () returned 0xcb [0047.968] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e380, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.968] GetLastError () returned 0xcb [0047.968] SetErrorMode (uMode=0x1) returned 0x1 [0047.968] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3677af4 | out: lpFileInformation=0x3677af4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0047.968] GetLastError () returned 0xcb [0047.968] SetErrorMode (uMode=0x1) returned 0x1 [0047.968] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e388, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.968] GetLastError () returned 0xcb [0047.968] SetErrorMode (uMode=0x1) returned 0x1 [0047.968] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3677c44 | out: lpFileInformation=0x3677c44*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0047.968] GetLastError () returned 0xcb [0047.968] SetErrorMode (uMode=0x1) returned 0x1 [0047.968] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0047.968] GetLastError () returned 0xcb [0047.968] SetErrorMode (uMode=0x1) returned 0x1 [0047.968] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3677de4 | out: lpFileInformation=0x3677de4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0047.968] GetLastError () returned 0xcb [0047.968] SetErrorMode (uMode=0x1) returned 0x1 [0047.969] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0047.969] GetLastError () returned 0xcb [0047.969] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0047.969] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x367ab6c*="FileSystem", lpRawData=0x367aa28) returned 1 [0047.970] GetLastError () returned 0x0 [0047.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.970] GetLastError () returned 0xcb [0047.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e370, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.971] GetLastError () returned 0xcb [0047.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.971] GetLastError () returned 0xcb [0047.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.971] GetLastError () returned 0xcb [0047.972] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0047.972] GetLastError () returned 0xcb [0047.972] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0047.972] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x367ec5c*="Function", lpRawData=0x367eb18) returned 1 [0047.973] GetLastError () returned 0x0 [0047.975] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.975] GetLastError () returned 0xcb [0047.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.980] GetLastError () returned 0xcb [0047.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.980] GetLastError () returned 0xcb [0047.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.980] GetLastError () returned 0xcb [0047.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.981] GetLastError () returned 0xcb [0048.015] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e368, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.015] GetLastError () returned 0xcb [0048.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.016] GetLastError () returned 0xcb [0048.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e318, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.016] GetLastError () returned 0xcb [0048.017] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0048.018] GetLastError () returned 0xcb [0048.018] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0048.018] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3697d18*="Registry", lpRawData=0x3697bd4) returned 1 [0048.018] GetLastError () returned 0x0 [0048.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e354, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.019] GetLastError () returned 0x0 [0048.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.019] GetLastError () returned 0x0 [0048.019] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.019] GetLastError () returned 0x0 [0048.020] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0048.020] GetLastError () returned 0x0 [0048.020] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0048.021] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x369bb00*="Variable", lpRawData=0x369b9bc) returned 1 [0048.021] GetLastError () returned 0x0 [0048.022] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.022] GetLastError () returned 0xcb [0048.024] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.024] GetLastError () returned 0xcb [0048.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e354, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.026] GetLastError () returned 0xcb [0048.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.026] GetLastError () returned 0xcb [0048.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.026] GetLastError () returned 0xcb [0048.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x29e304, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.026] GetLastError () returned 0xcb [0048.082] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29e954 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29e954) returned 0x1 [0048.082] GetLastError () returned 0x3 [0048.082] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29e95c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29e95c) returned 1 [0048.082] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x36a98cc*="Certificate", lpRawData=0x36a9788) returned 1 [0048.083] GetLastError () returned 0x0 [0048.095] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.095] GetLastError () returned 0xcb [0048.097] GetLogicalDrives () returned 0x4 [0048.097] GetLastError () returned 0xcb [0048.097] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0048.097] GetLastError () returned 0xcb [0048.097] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0048.097] GetLastError () returned 0xcb [0048.101] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x367700 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0048.101] GetLastError () returned 0xcb [0048.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.103] GetLastError () returned 0xcb [0048.103] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.103] GetLastError () returned 0xcb [0048.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.121] GetLastError () returned 0xcb [0048.123] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.123] GetLastError () returned 0xcb [0048.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e314, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.124] GetLastError () returned 0xcb [0048.124] SetErrorMode (uMode=0x1) returned 0x1 [0048.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x36b1238 | out: lpFileInformation=0x36b1238*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.124] GetLastError () returned 0xcb [0048.124] SetErrorMode (uMode=0x1) returned 0x1 [0048.124] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e31c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.124] GetLastError () returned 0xcb [0048.124] SetErrorMode (uMode=0x1) returned 0x1 [0048.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x36b13ec | out: lpFileInformation=0x36b13ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.124] GetLastError () returned 0xcb [0048.124] SetErrorMode (uMode=0x1) returned 0x1 [0048.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.129] GetLastError () returned 0xcb [0048.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.140] GetLastError () returned 0xcb [0048.169] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0048.169] GetLastError () returned 0xcb [0048.169] SetErrorMode (uMode=0x1) returned 0x1 [0048.169] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.169] GetLastError () returned 0xcb [0048.169] SetErrorMode (uMode=0x1) returned 0x1 [0048.169] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0048.169] GetLastError () returned 0xcb [0048.169] SetErrorMode (uMode=0x1) returned 0x1 [0048.169] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.169] GetLastError () returned 0xcb [0048.169] SetErrorMode (uMode=0x1) returned 0x1 [0048.169] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x29e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0048.169] GetLastError () returned 0xcb [0048.169] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x29e390, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0048.169] GetLastError () returned 0xcb [0048.170] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.170] GetLastError () returned 0xcb [0048.170] SetErrorMode (uMode=0x1) returned 0x1 [0048.170] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0048.170] GetLastError () returned 0xcb [0048.170] SetErrorMode (uMode=0x1) returned 0x1 [0048.170] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.170] GetLastError () returned 0xcb [0048.170] SetErrorMode (uMode=0x1) returned 0x1 [0048.170] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0048.170] GetLastError () returned 0xcb [0048.170] SetErrorMode (uMode=0x1) returned 0x1 [0048.170] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x29e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.170] GetLastError () returned 0xcb [0048.170] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x29e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.170] GetLastError () returned 0xcb [0048.170] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.170] GetLastError () returned 0xcb [0048.170] SetErrorMode (uMode=0x1) returned 0x1 [0048.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.170] GetLastError () returned 0xcb [0048.170] SetErrorMode (uMode=0x1) returned 0x1 [0048.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.171] GetLastError () returned 0xcb [0048.171] SetErrorMode (uMode=0x1) returned 0x1 [0048.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.171] GetLastError () returned 0xcb [0048.171] SetErrorMode (uMode=0x1) returned 0x1 [0048.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.171] GetLastError () returned 0xcb [0048.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0x29e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.171] GetLastError () returned 0xcb [0048.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.171] GetLastError () returned 0xcb [0048.171] SetErrorMode (uMode=0x1) returned 0x1 [0048.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.171] GetLastError () returned 0xcb [0048.171] SetErrorMode (uMode=0x1) returned 0x1 [0048.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.171] GetLastError () returned 0xcb [0048.171] SetErrorMode (uMode=0x1) returned 0x1 [0048.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x29e860 | out: lpFileInformation=0x29e860*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.171] GetLastError () returned 0xcb [0048.171] SetErrorMode (uMode=0x1) returned 0x1 [0048.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.171] GetLastError () returned 0xcb [0048.171] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x29e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.172] GetLastError () returned 0xcb [0048.172] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x29e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.172] GetLastError () returned 0xcb [0048.172] SetErrorMode (uMode=0x1) returned 0x1 [0048.172] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x29e86c | out: lpFileInformation=0x29e86c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0048.172] GetLastError () returned 0xcb [0048.172] SetErrorMode (uMode=0x1) returned 0x1 [0048.172] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x29e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.172] GetLastError () returned 0xcb [0048.172] SetErrorMode (uMode=0x1) returned 0x1 [0048.172] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x29e86c | out: lpFileInformation=0x29e86c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0048.172] GetLastError () returned 0xcb [0048.172] SetErrorMode (uMode=0x1) returned 0x1 [0048.172] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x29e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.172] GetLastError () returned 0xcb [0048.172] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x29e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0048.172] GetLastError () returned 0xcb [0048.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.172] GetLastError () returned 0xcb [0048.172] SetErrorMode (uMode=0x1) returned 0x1 [0048.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x29e86c | out: lpFileInformation=0x29e86c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.172] GetLastError () returned 0xcb [0048.173] SetErrorMode (uMode=0x1) returned 0x1 [0048.173] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.173] GetLastError () returned 0xcb [0048.173] SetErrorMode (uMode=0x1) returned 0x1 [0048.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x29e86c | out: lpFileInformation=0x29e86c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.173] GetLastError () returned 0xcb [0048.173] SetErrorMode (uMode=0x1) returned 0x1 [0048.173] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x29e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.173] GetLastError () returned 0xcb [0048.173] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0x29e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0048.173] GetLastError () returned 0xcb [0048.173] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.173] GetLastError () returned 0xcb [0048.173] SetErrorMode (uMode=0x1) returned 0x1 [0048.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x29e86c | out: lpFileInformation=0x29e86c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.173] GetLastError () returned 0xcb [0048.173] SetErrorMode (uMode=0x1) returned 0x1 [0048.173] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.173] GetLastError () returned 0xcb [0048.173] SetErrorMode (uMode=0x1) returned 0x1 [0048.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x29e86c | out: lpFileInformation=0x29e86c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.173] GetLastError () returned 0xcb [0048.173] SetErrorMode (uMode=0x1) returned 0x1 [0048.173] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.174] GetLastError () returned 0xcb [0048.174] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x29e39c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.174] GetLastError () returned 0xcb [0048.175] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x29e4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0048.175] GetLastError () returned 0xcb [0048.175] SetErrorMode (uMode=0x1) returned 0x1 [0048.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x2f85d34 | out: lpFileInformation=0x2f85d34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0048.175] GetLastError () returned 0xcb [0048.175] SetErrorMode (uMode=0x1) returned 0x1 [0048.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e504, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.176] GetLastError () returned 0xcb [0048.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.176] GetLastError () returned 0xcb [0048.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.176] GetLastError () returned 0xcb [0048.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.176] GetLastError () returned 0xcb [0048.196] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29ea58 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29ea58) returned 0x1 [0048.196] GetLastError () returned 0xcb [0048.196] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29ea60 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29ea60) returned 1 [0048.197] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2fa69dc*="Available", lpRawData=0x2fa6898) returned 1 [0048.198] GetLastError () returned 0x0 [0048.198] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.198] GetLastError () returned 0xcb [0048.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.199] GetLastError () returned 0xcb [0048.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e538, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.210] GetLastError () returned 0xcb [0048.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.210] GetLastError () returned 0xcb [0048.210] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.210] GetLastError () returned 0xcb [0048.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.213] GetLastError () returned 0xcb [0048.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.214] GetLastError () returned 0xcb [0048.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.214] GetLastError () returned 0xcb [0048.214] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0048.214] GetLastError () returned 0xcb [0048.214] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0048.214] GetLastError () returned 0xcb [0048.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.214] GetLastError () returned 0xcb [0048.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.214] GetLastError () returned 0xcb [0048.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.214] GetLastError () returned 0xcb [0048.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.214] GetLastError () returned 0xcb [0048.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.214] GetLastError () returned 0xcb [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.215] GetLastError () returned 0xcb [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.215] GetLastError () returned 0xcb [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.215] GetLastError () returned 0xcb [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.215] GetLastError () returned 0xcb [0048.215] GetCurrentProcessId () returned 0x670 [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.215] GetLastError () returned 0xcb [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.215] GetLastError () returned 0xcb [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.215] GetLastError () returned 0xcb [0048.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.216] GetLastError () returned 0xcb [0048.217] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29e9ec | out: phkResult=0x29e9ec*=0x358) returned 0x0 [0048.217] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29ea34, lpData=0x0, lpcbData=0x29ea30*=0x0 | out: lpType=0x29ea34*=0x1, lpData=0x0, lpcbData=0x29ea30*=0x56) returned 0x0 [0048.217] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29ea34, lpData=0x367700, lpcbData=0x29ea30*=0x56 | out: lpType=0x29ea34*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29ea30*=0x56) returned 0x0 [0048.217] RegCloseKey (hKey=0x358) returned 0x0 [0048.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.218] GetLastError () returned 0xcb [0048.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.218] GetLastError () returned 0xcb [0048.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e48c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.218] GetLastError () returned 0xcb [0048.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e4c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.218] GetLastError () returned 0xcb [0048.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.218] GetLastError () returned 0xcb [0048.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29e474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.218] GetLastError () returned 0xcb [0048.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.230] GetLastError () returned 0xcb [0048.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.230] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.231] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.232] GetLastError () returned 0xcb [0048.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.233] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.234] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.234] GetLastError () returned 0xcb [0048.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.235] GetLastError () returned 0xcb [0048.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.235] GetLastError () returned 0xcb [0048.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.235] GetLastError () returned 0xcb [0048.235] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.235] GetLastError () returned 0xcb [0048.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.251] GetLastError () returned 0xcb [0048.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.251] GetLastError () returned 0xcb [0048.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.251] GetLastError () returned 0xcb [0048.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29db34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.252] GetLastError () returned 0xcb [0048.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.252] GetLastError () returned 0xcb [0048.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29dae4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.252] GetLastError () returned 0xcb [0048.252] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.253] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.253] GetLastError () returned 0xcb [0048.259] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.278] GetLastError () returned 0xcb [0048.279] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.279] GetLastError () returned 0xcb [0048.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.282] GetLastError () returned 0xcb [0048.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.287] GetLastError () returned 0xcb [0048.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.295] GetLastError () returned 0xcb [0048.301] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.302] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.400] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.409] GetLastError () returned 0xcb [0048.784] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x361f40 [0048.784] GetLastError () returned 0x0 [0048.785] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x361fc8 [0048.786] GetLastError () returned 0x0 [0048.908] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.937] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.938] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.939] VirtualQuery (in: lpAddress=0x29c714, lpBuffer=0x29d714, dwLength=0x1c | out: lpBuffer=0x29d714*(BaseAddress=0x29c000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.974] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.974] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.974] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.974] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.974] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.974] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.975] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.976] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.976] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.976] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.976] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.976] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.976] VirtualQuery (in: lpAddress=0x29d060, lpBuffer=0x29e060, dwLength=0x1c | out: lpBuffer=0x29e060*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.981] GetLastError () returned 0xcb [0048.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.981] GetLastError () returned 0xcb [0048.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.981] GetLastError () returned 0xcb [0048.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.981] GetLastError () returned 0xcb [0048.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.992] GetLastError () returned 0xcb [0048.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.992] GetLastError () returned 0xcb [0048.992] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.992] GetLastError () returned 0xcb [0048.992] VirtualQuery (in: lpAddress=0x29d388, lpBuffer=0x29e388, dwLength=0x1c | out: lpBuffer=0x29e388*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.993] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.993] GetLastError () returned 0xcb [0048.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.994] GetLastError () returned 0xcb [0048.994] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x29de0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.994] GetLastError () returned 0xcb [0048.994] VirtualQuery (in: lpAddress=0x29d380, lpBuffer=0x29e380, dwLength=0x1c | out: lpBuffer=0x29e380*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.994] VirtualQuery (in: lpAddress=0x29d034, lpBuffer=0x29e034, dwLength=0x1c | out: lpBuffer=0x29e034*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.994] VirtualQuery (in: lpAddress=0x29d034, lpBuffer=0x29e034, dwLength=0x1c | out: lpBuffer=0x29e034*(BaseAddress=0x29d000, AllocationBase=0x260000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0048.996] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29eabc | out: phkResult=0x29eabc*=0x3a8) returned 0x0 [0048.996] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29eb04, lpData=0x0, lpcbData=0x29eb00*=0x0 | out: lpType=0x29eb04*=0x1, lpData=0x0, lpcbData=0x29eb00*=0x56) returned 0x0 [0048.996] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29eb04, lpData=0x367700, lpcbData=0x29eb00*=0x56 | out: lpType=0x29eb04*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29eb00*=0x56) returned 0x0 [0048.996] RegCloseKey (hKey=0x3a8) returned 0x0 [0048.996] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x29eabc | out: phkResult=0x29eabc*=0x3a8) returned 0x0 [0048.997] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29eb04, lpData=0x0, lpcbData=0x29eb00*=0x0 | out: lpType=0x29eb04*=0x1, lpData=0x0, lpcbData=0x29eb00*=0x56) returned 0x0 [0048.997] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x29eb04, lpData=0x367700, lpcbData=0x29eb00*=0x56 | out: lpType=0x29eb04*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x29eb00*=0x56) returned 0x0 [0048.997] RegCloseKey (hKey=0x3a8) returned 0x0 [0048.998] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x367700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0048.998] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0048.998] GetLastError () returned 0x3f0 [0048.998] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x367700 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0048.999] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x29e654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0048.999] GetLastError () returned 0x3f0 [0049.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x29e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0049.000] GetLastError () returned 0x3f0 [0049.000] SetErrorMode (uMode=0x1) returned 0x1 [0049.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29eb6c | out: lpFileInformation=0x29eb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0049.000] GetLastError () returned 0x2 [0049.000] SetErrorMode (uMode=0x1) returned 0x1 [0049.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x29e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0049.000] GetLastError () returned 0x2 [0049.000] SetErrorMode (uMode=0x1) returned 0x1 [0049.000] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29eb6c | out: lpFileInformation=0x29eb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0049.000] GetLastError () returned 0x2 [0049.000] SetErrorMode (uMode=0x1) returned 0x1 [0049.000] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x29e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45 [0049.000] GetLastError () returned 0x2 [0049.000] SetErrorMode (uMode=0x1) returned 0x1 [0049.000] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29eb6c | out: lpFileInformation=0x29eb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0049.001] GetLastError () returned 0x3 [0049.001] SetErrorMode (uMode=0x1) returned 0x1 [0049.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x29e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a [0049.001] GetLastError () returned 0x3 [0049.001] SetErrorMode (uMode=0x1) returned 0x1 [0049.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x29eb6c | out: lpFileInformation=0x29eb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0049.001] GetLastError () returned 0x3 [0049.001] SetErrorMode (uMode=0x1) returned 0x1 [0049.002] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.002] GetLastError () returned 0xcb [0049.003] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.003] GetLastError () returned 0xcb [0049.006] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.006] GetLastError () returned 0xcb [0049.007] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.007] GetLastError () returned 0xcb [0049.008] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.008] GetLastError () returned 0xcb [0049.016] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.016] GetLastError () returned 0xcb [0049.016] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0049.016] GetLastError () returned 0x0 [0049.016] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ac [0049.016] GetLastError () returned 0x0 [0049.016] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0049.016] GetLastError () returned 0x0 [0049.016] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4 [0049.016] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0049.017] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3bc [0049.017] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3dc [0049.017] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0 [0049.017] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4 [0049.017] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c8 [0049.017] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328 [0049.017] GetLastError () returned 0x0 [0049.017] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x32c [0049.017] GetLastError () returned 0x0 [0049.019] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.019] GetLastError () returned 0xcb [0049.023] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0049.023] GetLastError () returned 0xcb [0049.024] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x29ebac | out: lpMode=0x29ebac) returned 0 [0049.024] GetLastError () returned 0x6 [0049.025] SetEvent (hEvent=0x3b4) returned 1 [0049.025] GetLastError () returned 0x6 [0049.025] SetEvent (hEvent=0x3a8) returned 1 [0049.025] GetLastError () returned 0x6 [0049.025] SetEvent (hEvent=0x3ac) returned 1 [0049.025] GetLastError () returned 0x6 [0049.025] SetEvent (hEvent=0x3b0) returned 1 [0049.025] GetLastError () returned 0x6 [0049.025] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc [0049.025] GetLastError () returned 0x0 [0049.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.026] GetLastError () returned 0xcb [0049.026] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x29ea10 | out: phkResult=0x29ea10*=0x34c) returned 0x0 [0049.026] RegQueryValueExW (in: hKey=0x34c, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x29ea58, lpData=0x0, lpcbData=0x29ea54*=0x0 | out: lpType=0x29ea58*=0x0, lpData=0x0, lpcbData=0x29ea54*=0x0) returned 0x2 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390 [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394 [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398 [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3d4 [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0 [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e4 [0050.592] GetLastError () returned 0x0 [0050.592] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e8 [0050.592] GetLastError () returned 0x0 [0050.593] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3ec [0050.593] GetLastError () returned 0x0 [0050.593] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f0 [0050.593] GetLastError () returned 0x0 [0050.593] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4 [0050.593] GetLastError () returned 0x0 [0050.593] SetEvent (hEvent=0x398) returned 1 [0050.593] GetLastError () returned 0x0 [0050.593] SetEvent (hEvent=0x38c) returned 1 [0050.593] GetLastError () returned 0x0 [0050.593] SetEvent (hEvent=0x390) returned 1 [0050.593] GetLastError () returned 0x0 [0050.593] SetEvent (hEvent=0x394) returned 1 [0050.593] GetLastError () returned 0x0 [0050.593] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f8 [0050.593] GetLastError () returned 0x0 [0050.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x29ea44 | out: phkResult=0x29ea44*=0x3fc) returned 0x0 [0050.594] RegQueryValueExW (in: hKey=0x3fc, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x29ea8c, lpData=0x0, lpcbData=0x29ea88*=0x0 | out: lpType=0x29ea8c*=0x0, lpData=0x0, lpcbData=0x29ea88*=0x0) returned 0x2 [0050.633] SetEvent (hEvent=0x39c) returned 1 [0050.634] GetLastError () returned 0x0 [0050.634] SetEvent (hEvent=0x3d4) returned 1 [0050.634] GetLastError () returned 0x0 [0050.634] SetEvent (hEvent=0x3c0) returned 1 [0050.634] GetLastError () returned 0x0 [0050.662] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x367700, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.663] GetLastError () returned 0xcb [0050.669] SetEvent (hEvent=0x344) returned 1 [0050.669] GetLastError () returned 0xcb [0050.670] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x367ec0, nSize=0x29eb20 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x29eb20) returned 0x1 [0050.670] GetLastError () returned 0xcb [0050.670] GetUserNameW (in: lpBuffer=0x367700, pcbBuffer=0x29eb28 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x29eb28) returned 1 [0050.671] ReportEventW (hEventLog=0x4ed0004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32c3f78*="Stopped", lpRawData=0x32c3e34) returned 1 [0050.672] GetLastError () returned 0x0 [0050.673] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0050.673] GetLastError () returned 0x0 [0050.675] CoGetContextToken (in: pToken=0x29f850 | out: pToken=0x29f850) returned 0x0 [0050.675] CObjectContext::QueryInterface () returned 0x0 [0050.675] CObjectContext::GetCurrentThreadType () returned 0x0 [0050.675] Release () returned 0x0 [0050.677] CoGetContextToken (in: pToken=0x29f628 | out: pToken=0x29f628) returned 0x0 [0050.677] CObjectContext::QueryInterface () returned 0x0 [0050.677] CObjectContext::GetCurrentThreadType () returned 0x0 [0050.677] Release () returned 0x0 [0050.680] CoGetContextToken (in: pToken=0x29f628 | out: pToken=0x29f628) returned 0x0 [0050.680] CObjectContext::QueryInterface () returned 0x0 [0050.680] CObjectContext::GetCurrentThreadType () returned 0x0 [0050.680] Release () returned 0x0 [0050.688] CoGetContextToken (in: pToken=0x29f628 | out: pToken=0x29f628) returned 0x0 [0050.688] CObjectContext::QueryInterface () returned 0x0 [0050.688] CObjectContext::GetCurrentThreadType () returned 0x0 [0050.689] Release () returned 0x0 [0050.722] CoGetContextToken (in: pToken=0x29f608 | out: pToken=0x29f608) returned 0x0 [0050.722] CObjectContext::QueryInterface () returned 0x0 [0050.722] CObjectContext::GetCurrentThreadType () returned 0x0 [0050.722] Release () returned 0x0 [0050.724] CoUninitialize () Thread: id = 76 os_tid = 0x60c Thread: id = 77 os_tid = 0x20c Thread: id = 78 os_tid = 0x244 Thread: id = 79 os_tid = 0x7a4 Thread: id = 80 os_tid = 0x174 [0042.949] CoGetContextToken (in: pToken=0x1e9f528 | out: pToken=0x1e9f528) returned 0x0 [0042.949] CObjectContext::QueryInterface () returned 0x0 [0042.950] CObjectContext::GetCurrentThreadType () returned 0x0 [0042.950] Release () returned 0x0 [0042.950] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0046.961] LocalFree (hMem=0x378860) returned 0x0 [0046.961] GetLastError () returned 0x0 [0046.961] CloseHandle (hObject=0x34c) returned 1 [0046.962] GetLastError () returned 0x0 [0046.962] CloseHandle (hObject=0x13) returned 1 [0046.962] GetLastError () returned 0x0 [0046.962] CloseHandle (hObject=0xf) returned 1 [0046.963] GetLastError () returned 0x0 [0046.963] RegCloseKey (hKey=0x330) returned 0x0 [0046.963] RegCloseKey (hKey=0x32c) returned 0x0 [0046.963] RegCloseKey (hKey=0x328) returned 0x0 [0046.963] LocalFree (hMem=0x378880) returned 0x0 [0046.963] GetLastError () returned 0x0 [0046.963] RegCloseKey (hKey=0x358) returned 0x0 [0048.162] RegCloseKey (hKey=0x3d4) returned 0x0 [0048.162] RegCloseKey (hKey=0x39c) returned 0x0 [0048.162] RegCloseKey (hKey=0x398) returned 0x0 [0048.162] RegCloseKey (hKey=0x394) returned 0x0 [0048.163] RegCloseKey (hKey=0x390) returned 0x0 [0048.163] RegCloseKey (hKey=0x38c) returned 0x0 [0048.163] RegCloseKey (hKey=0x388) returned 0x0 [0048.163] RegCloseKey (hKey=0x384) returned 0x0 [0048.163] RegCloseKey (hKey=0x380) returned 0x0 [0048.164] RegCloseKey (hKey=0x3d0) returned 0x0 [0048.164] RegCloseKey (hKey=0x378) returned 0x0 [0048.164] RegCloseKey (hKey=0x374) returned 0x0 [0048.164] RegCloseKey (hKey=0x370) returned 0x0 [0048.164] RegCloseKey (hKey=0x36c) returned 0x0 [0048.165] RegCloseKey (hKey=0x368) returned 0x0 [0048.165] RegCloseKey (hKey=0x364) returned 0x0 [0048.165] RegCloseKey (hKey=0x35c) returned 0x0 [0048.165] RegCloseKey (hKey=0x34c) returned 0x0 [0048.165] RegCloseKey (hKey=0x3cc) returned 0x0 [0048.165] RegCloseKey (hKey=0x32c) returned 0x0 [0048.166] RegCloseKey (hKey=0x328) returned 0x0 [0048.166] RegCloseKey (hKey=0x3c8) returned 0x0 [0048.166] RegCloseKey (hKey=0x3c4) returned 0x0 [0048.166] RegCloseKey (hKey=0x3a0) returned 0x0 [0048.166] RegCloseKey (hKey=0x3dc) returned 0x0 [0048.167] RegCloseKey (hKey=0x3bc) returned 0x0 [0048.167] RegCloseKey (hKey=0x3b8) returned 0x0 [0048.167] RegCloseKey (hKey=0x3b4) returned 0x0 [0048.167] RegCloseKey (hKey=0x3b0) returned 0x0 [0048.168] RegCloseKey (hKey=0x3ac) returned 0x0 [0048.168] RegCloseKey (hKey=0x3a8) returned 0x0 [0048.168] RegCloseKey (hKey=0x3a4) returned 0x0 [0048.168] RegCloseKey (hKey=0x330) returned 0x0 [0048.168] RegCloseKey (hKey=0x3d8) returned 0x0 [0048.168] RegCloseKey (hKey=0x358) returned 0x0 [0050.679] GetLastError () returned 0x0 [0050.679] GetLastError () returned 0x0 [0050.679] LocalFree (hMem=0x361fc8) returned 0x0 [0050.679] GetLastError () returned 0x0 [0050.679] GetLastError () returned 0x0 [0050.679] GetLastError () returned 0x0 [0050.679] LocalFree (hMem=0x361f40) returned 0x0 [0050.679] GetLastError () returned 0x0 [0050.688] DeregisterEventSource (hEventLog=0x4ed0004) returned 1 [0050.689] GetLastError () returned 0x0 [0050.700] CloseHandle (hObject=0x5b) returned 1 [0050.701] GetLastError () returned 0x0 [0050.701] CloseHandle (hObject=0x57) returned 1 [0050.701] GetLastError () returned 0x0 [0050.701] CloseHandle (hObject=0x53) returned 1 [0050.702] GetLastError () returned 0x0 [0050.702] CloseHandle (hObject=0x4f) returned 1 [0050.702] GetLastError () returned 0x0 [0050.702] CloseHandle (hObject=0x4b) returned 1 [0050.702] GetLastError () returned 0x0 [0050.703] CloseHandle (hObject=0x47) returned 1 [0050.703] GetLastError () returned 0x0 [0050.703] CloseHandle (hObject=0x43) returned 1 [0050.703] GetLastError () returned 0x0 [0050.703] CloseHandle (hObject=0x3f) returned 1 [0050.704] GetLastError () returned 0x0 [0050.704] CloseHandle (hObject=0x3b) returned 1 [0050.704] GetLastError () returned 0x0 [0050.704] CloseHandle (hObject=0x37) returned 1 [0050.705] GetLastError () returned 0x0 [0050.705] CloseHandle (hObject=0x33) returned 1 [0050.705] GetLastError () returned 0x0 [0050.705] CloseHandle (hObject=0x2f) returned 1 [0050.705] GetLastError () returned 0x0 [0050.706] CloseHandle (hObject=0x2b) returned 1 [0050.706] GetLastError () returned 0x0 [0050.706] CloseHandle (hObject=0x27) returned 1 [0050.706] GetLastError () returned 0x0 [0050.706] CloseHandle (hObject=0x23) returned 1 [0050.707] GetLastError () returned 0x0 [0050.707] CloseHandle (hObject=0x388) returned 1 [0050.707] GetLastError () returned 0x0 [0050.707] UnmapViewOfFile (lpBaseAddress=0x5280000) returned 1 [0050.708] CloseHandle (hObject=0x1f) returned 1 [0050.708] GetLastError () returned 0x0 [0050.708] CloseHandle (hObject=0x1b) returned 1 [0050.708] GetLastError () returned 0x0 [0050.708] RegCloseKey (hKey=0x34c) returned 0x0 [0050.709] CloseHandle (hObject=0x3cc) returned 1 [0050.709] GetLastError () returned 0x0 [0050.709] CloseHandle (hObject=0x32c) returned 1 [0050.709] GetLastError () returned 0x0 [0050.709] CloseHandle (hObject=0x328) returned 1 [0050.709] GetLastError () returned 0x0 [0050.709] CloseHandle (hObject=0x3c8) returned 1 [0050.709] GetLastError () returned 0x0 [0050.709] CloseHandle (hObject=0x3c4) returned 1 [0050.709] GetLastError () returned 0x0 [0050.710] CloseHandle (hObject=0x3a0) returned 1 [0050.710] GetLastError () returned 0x0 [0050.710] CloseHandle (hObject=0x3dc) returned 1 [0050.710] GetLastError () returned 0x0 [0050.710] CloseHandle (hObject=0x3bc) returned 1 [0050.710] GetLastError () returned 0x0 [0050.710] CloseHandle (hObject=0x3b8) returned 1 [0050.710] GetLastError () returned 0x0 [0050.710] CloseHandle (hObject=0x3b4) returned 1 [0050.711] GetLastError () returned 0x0 [0050.711] CloseHandle (hObject=0x3b0) returned 1 [0050.711] GetLastError () returned 0x0 [0050.711] CloseHandle (hObject=0x3ac) returned 1 [0050.711] GetLastError () returned 0x0 [0050.711] CloseHandle (hObject=0x3a8) returned 1 [0050.711] GetLastError () returned 0x0 [0050.711] CloseHandle (hObject=0x17) returned 1 [0050.712] GetLastError () returned 0x0 [0050.712] CloseHandle (hObject=0x13) returned 1 [0050.712] GetLastError () returned 0x0 [0050.712] RegCloseKey (hKey=0x3fc) returned 0x0 [0050.712] CloseHandle (hObject=0x3f8) returned 1 [0050.712] GetLastError () returned 0x0 [0050.713] CloseHandle (hObject=0x3f4) returned 1 [0050.713] GetLastError () returned 0x0 [0050.713] CloseHandle (hObject=0x3f0) returned 1 [0050.713] GetLastError () returned 0x0 [0050.713] CloseHandle (hObject=0x3ec) returned 1 [0050.713] GetLastError () returned 0x0 [0050.713] CloseHandle (hObject=0x3e8) returned 1 [0050.713] GetLastError () returned 0x0 [0050.713] CloseHandle (hObject=0x3e4) returned 1 [0050.713] GetLastError () returned 0x0 [0050.714] CloseHandle (hObject=0x3c0) returned 1 [0050.714] GetLastError () returned 0x0 [0050.714] CloseHandle (hObject=0x3d4) returned 1 [0050.714] GetLastError () returned 0x0 [0050.714] CloseHandle (hObject=0x39c) returned 1 [0050.714] GetLastError () returned 0x0 [0050.714] CloseHandle (hObject=0x398) returned 1 [0050.714] GetLastError () returned 0x0 [0050.714] CloseHandle (hObject=0x394) returned 1 [0050.714] GetLastError () returned 0x0 [0050.715] CloseHandle (hObject=0x390) returned 1 [0050.715] GetLastError () returned 0x0 [0050.715] CloseHandle (hObject=0x38c) returned 1 [0050.715] GetLastError () returned 0x0 [0050.715] CloseHandle (hObject=0xf) returned 1 [0050.715] GetLastError () returned 0x0 [0050.715] CloseHandle (hObject=0x7f) returned 1 [0050.716] GetLastError () returned 0x0 [0050.716] CloseHandle (hObject=0x7b) returned 1 [0050.716] GetLastError () returned 0x0 [0050.716] CloseHandle (hObject=0x77) returned 1 [0050.717] GetLastError () returned 0x0 [0050.717] CloseHandle (hObject=0x73) returned 1 [0050.717] GetLastError () returned 0x0 [0050.717] CloseHandle (hObject=0x6f) returned 1 [0050.717] GetLastError () returned 0x0 [0050.718] CloseHandle (hObject=0x6b) returned 1 [0050.718] GetLastError () returned 0x0 [0050.718] CloseHandle (hObject=0x344) returned 1 [0050.718] GetLastError () returned 0x0 [0050.718] UnmapViewOfFile (lpBaseAddress=0x28d0000) returned 1 [0050.719] CloseHandle (hObject=0x354) returned 1 [0050.719] GetLastError () returned 0x0 [0050.719] RegCloseKey (hKey=0x80000004) returned 0x0 [0050.719] CloseHandle (hObject=0x310) returned 1 [0050.719] GetLastError () returned 0x0 [0050.719] CloseHandle (hObject=0x67) returned 1 [0050.720] GetLastError () returned 0x0 [0050.720] CloseHandle (hObject=0x63) returned 1 [0050.720] GetLastError () returned 0x0 [0050.720] CloseHandle (hObject=0x5f) returned 1 [0050.721] GetLastError () returned 0x0 Thread: id = 81 os_tid = 0x15c [0049.033] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0049.086] SetThreadUILanguage (LangId=0x0) returned 0x409 [0049.095] VirtualQuery (in: lpAddress=0x5e2e390, lpBuffer=0x5e2f390, dwLength=0x1c | out: lpBuffer=0x5e2f390*(BaseAddress=0x5e2e000, AllocationBase=0x54a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.099] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.099] GetLastError () returned 0xcb [0049.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.102] GetLastError () returned 0xcb [0049.104] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.104] GetLastError () returned 0xcb [0049.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.115] GetLastError () returned 0xcb [0049.118] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.118] GetLastError () returned 0xcb [0049.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.119] GetLastError () returned 0xcb [0049.137] VirtualQuery (in: lpAddress=0x5e2e4ac, lpBuffer=0x5e2f4ac, dwLength=0x1c | out: lpBuffer=0x5e2f4ac*(BaseAddress=0x5e2e000, AllocationBase=0x54a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.138] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.138] GetLastError () returned 0xcb [0049.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.140] GetLastError () returned 0xcb [0049.140] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.140] GetLastError () returned 0xcb [0049.150] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.150] GetLastError () returned 0xcb [0049.168] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.168] GetLastError () returned 0xcb [0049.204] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.204] GetLastError () returned 0xcb [0049.205] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.205] GetLastError () returned 0xcb [0049.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.206] GetLastError () returned 0xcb [0049.208] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.208] GetLastError () returned 0xcb [0049.209] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.209] GetLastError () returned 0xcb [0049.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.210] GetLastError () returned 0xcb [0049.211] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.211] GetLastError () returned 0xcb [0049.234] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9a60, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.234] GetLastError () returned 0xcb [0049.291] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0049.291] GetLastError () returned 0xcb [0049.295] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0049.295] GetLastError () returned 0xcb [0049.307] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3cac58 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0049.307] GetLastError () returned 0xcb [0049.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.320] GetLastError () returned 0xcb [0049.321] SetErrorMode (uMode=0x1) returned 0x1 [0049.324] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.ps1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.324] GetLastError () returned 0x2 [0049.324] SetErrorMode (uMode=0x1) returned 0x1 [0049.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.326] GetLastError () returned 0x2 [0049.326] SetErrorMode (uMode=0x1) returned 0x1 [0049.326] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psm1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.327] GetLastError () returned 0x2 [0049.327] SetErrorMode (uMode=0x1) returned 0x1 [0049.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.327] GetLastError () returned 0x2 [0049.327] SetErrorMode (uMode=0x1) returned 0x1 [0049.327] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psd1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.327] GetLastError () returned 0x2 [0049.327] SetErrorMode (uMode=0x1) returned 0x1 [0049.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.327] GetLastError () returned 0x2 [0049.327] SetErrorMode (uMode=0x1) returned 0x1 [0049.327] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.COM", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.328] GetLastError () returned 0x2 [0049.328] SetErrorMode (uMode=0x1) returned 0x1 [0049.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.328] GetLastError () returned 0x2 [0049.328] SetErrorMode (uMode=0x1) returned 0x1 [0049.328] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.EXE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.328] GetLastError () returned 0x2 [0049.328] SetErrorMode (uMode=0x1) returned 0x1 [0049.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.328] GetLastError () returned 0x2 [0049.328] SetErrorMode (uMode=0x1) returned 0x1 [0049.328] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.BAT", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.328] GetLastError () returned 0x2 [0049.328] SetErrorMode (uMode=0x1) returned 0x1 [0049.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.329] GetLastError () returned 0x2 [0049.329] SetErrorMode (uMode=0x1) returned 0x1 [0049.329] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.CMD", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.329] GetLastError () returned 0x2 [0049.329] SetErrorMode (uMode=0x1) returned 0x1 [0049.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.329] GetLastError () returned 0x2 [0049.329] SetErrorMode (uMode=0x1) returned 0x1 [0049.329] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.329] GetLastError () returned 0x2 [0049.329] SetErrorMode (uMode=0x1) returned 0x1 [0049.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.330] GetLastError () returned 0x2 [0049.330] SetErrorMode (uMode=0x1) returned 0x1 [0049.330] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.330] GetLastError () returned 0x2 [0049.330] SetErrorMode (uMode=0x1) returned 0x1 [0049.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.330] GetLastError () returned 0x2 [0049.330] SetErrorMode (uMode=0x1) returned 0x1 [0049.330] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.330] GetLastError () returned 0x2 [0049.330] SetErrorMode (uMode=0x1) returned 0x1 [0049.330] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.330] GetLastError () returned 0x2 [0049.331] SetErrorMode (uMode=0x1) returned 0x1 [0049.331] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JSE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.331] GetLastError () returned 0x2 [0049.331] SetErrorMode (uMode=0x1) returned 0x1 [0049.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.331] GetLastError () returned 0x2 [0049.331] SetErrorMode (uMode=0x1) returned 0x1 [0049.331] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSF", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.331] GetLastError () returned 0x2 [0049.331] SetErrorMode (uMode=0x1) returned 0x1 [0049.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.331] GetLastError () returned 0x2 [0049.331] SetErrorMode (uMode=0x1) returned 0x1 [0049.331] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSH", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.332] GetLastError () returned 0x2 [0049.332] SetErrorMode (uMode=0x1) returned 0x1 [0049.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.332] GetLastError () returned 0x2 [0049.332] SetErrorMode (uMode=0x1) returned 0x1 [0049.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.MSC", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.332] GetLastError () returned 0x2 [0049.332] SetErrorMode (uMode=0x1) returned 0x1 [0049.332] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0049.332] GetLastError () returned 0x2 [0049.332] SetErrorMode (uMode=0x1) returned 0x1 [0049.332] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.333] GetLastError () returned 0x2 [0049.333] SetErrorMode (uMode=0x1) returned 0x1 [0049.335] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.335] GetLastError () returned 0x2 [0049.335] SetErrorMode (uMode=0x1) returned 0x1 [0049.335] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.ps1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.335] GetLastError () returned 0x2 [0049.335] SetErrorMode (uMode=0x1) returned 0x1 [0049.335] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.335] GetLastError () returned 0x2 [0049.335] SetErrorMode (uMode=0x1) returned 0x1 [0049.335] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psm1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.335] GetLastError () returned 0x2 [0049.335] SetErrorMode (uMode=0x1) returned 0x1 [0049.336] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.336] GetLastError () returned 0x2 [0049.336] SetErrorMode (uMode=0x1) returned 0x1 [0049.336] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psd1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.336] GetLastError () returned 0x2 [0049.336] SetErrorMode (uMode=0x1) returned 0x1 [0049.336] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.336] GetLastError () returned 0x2 [0049.336] SetErrorMode (uMode=0x1) returned 0x1 [0049.336] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.COM", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.336] GetLastError () returned 0x2 [0049.336] SetErrorMode (uMode=0x1) returned 0x1 [0049.336] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.336] GetLastError () returned 0x2 [0049.337] SetErrorMode (uMode=0x1) returned 0x1 [0049.337] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.EXE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.337] GetLastError () returned 0x2 [0049.337] SetErrorMode (uMode=0x1) returned 0x1 [0049.337] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.337] GetLastError () returned 0x2 [0049.337] SetErrorMode (uMode=0x1) returned 0x1 [0049.337] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.BAT", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.337] GetLastError () returned 0x2 [0049.337] SetErrorMode (uMode=0x1) returned 0x1 [0049.338] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.338] GetLastError () returned 0x2 [0049.338] SetErrorMode (uMode=0x1) returned 0x1 [0049.338] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.CMD", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.338] GetLastError () returned 0x2 [0049.338] SetErrorMode (uMode=0x1) returned 0x1 [0049.338] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.338] GetLastError () returned 0x2 [0049.338] SetErrorMode (uMode=0x1) returned 0x1 [0049.338] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.338] GetLastError () returned 0x2 [0049.338] SetErrorMode (uMode=0x1) returned 0x1 [0049.338] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.338] GetLastError () returned 0x2 [0049.338] SetErrorMode (uMode=0x1) returned 0x1 [0049.339] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.339] GetLastError () returned 0x2 [0049.339] SetErrorMode (uMode=0x1) returned 0x1 [0049.339] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.339] GetLastError () returned 0x2 [0049.339] SetErrorMode (uMode=0x1) returned 0x1 [0049.339] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.339] GetLastError () returned 0x2 [0049.339] SetErrorMode (uMode=0x1) returned 0x1 [0049.339] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.339] GetLastError () returned 0x2 [0049.339] SetErrorMode (uMode=0x1) returned 0x1 [0049.340] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JSE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.340] GetLastError () returned 0x2 [0049.340] SetErrorMode (uMode=0x1) returned 0x1 [0049.340] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.340] GetLastError () returned 0x2 [0049.340] SetErrorMode (uMode=0x1) returned 0x1 [0049.340] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSF", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.340] GetLastError () returned 0x2 [0049.340] SetErrorMode (uMode=0x1) returned 0x1 [0049.340] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.340] GetLastError () returned 0x2 [0049.340] SetErrorMode (uMode=0x1) returned 0x1 [0049.340] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSH", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.341] GetLastError () returned 0x2 [0049.341] SetErrorMode (uMode=0x1) returned 0x1 [0049.341] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.341] GetLastError () returned 0x2 [0049.341] SetErrorMode (uMode=0x1) returned 0x1 [0049.341] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.MSC", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.341] GetLastError () returned 0x2 [0049.341] SetErrorMode (uMode=0x1) returned 0x1 [0049.341] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0049.341] GetLastError () returned 0x2 [0049.341] SetErrorMode (uMode=0x1) returned 0x1 [0049.341] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.341] GetLastError () returned 0x2 [0049.342] SetErrorMode (uMode=0x1) returned 0x1 [0049.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.342] GetLastError () returned 0x2 [0049.342] SetErrorMode (uMode=0x1) returned 0x1 [0049.342] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.ps1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.342] GetLastError () returned 0x2 [0049.342] SetErrorMode (uMode=0x1) returned 0x1 [0049.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.342] GetLastError () returned 0x2 [0049.342] SetErrorMode (uMode=0x1) returned 0x1 [0049.342] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psm1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.342] GetLastError () returned 0x2 [0049.343] SetErrorMode (uMode=0x1) returned 0x1 [0049.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.343] GetLastError () returned 0x2 [0049.343] SetErrorMode (uMode=0x1) returned 0x1 [0049.343] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psd1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.343] GetLastError () returned 0x2 [0049.343] SetErrorMode (uMode=0x1) returned 0x1 [0049.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.343] GetLastError () returned 0x2 [0049.343] SetErrorMode (uMode=0x1) returned 0x1 [0049.343] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.COM", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.343] GetLastError () returned 0x2 [0049.343] SetErrorMode (uMode=0x1) returned 0x1 [0049.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.344] GetLastError () returned 0x2 [0049.344] SetErrorMode (uMode=0x1) returned 0x1 [0049.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.EXE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.344] GetLastError () returned 0x2 [0049.344] SetErrorMode (uMode=0x1) returned 0x1 [0049.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.344] GetLastError () returned 0x2 [0049.344] SetErrorMode (uMode=0x1) returned 0x1 [0049.344] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.BAT", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.344] GetLastError () returned 0x2 [0049.344] SetErrorMode (uMode=0x1) returned 0x1 [0049.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.344] GetLastError () returned 0x2 [0049.344] SetErrorMode (uMode=0x1) returned 0x1 [0049.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.CMD", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.345] GetLastError () returned 0x2 [0049.345] SetErrorMode (uMode=0x1) returned 0x1 [0049.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.345] GetLastError () returned 0x2 [0049.345] SetErrorMode (uMode=0x1) returned 0x1 [0049.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.345] GetLastError () returned 0x2 [0049.345] SetErrorMode (uMode=0x1) returned 0x1 [0049.345] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.345] GetLastError () returned 0x2 [0049.345] SetErrorMode (uMode=0x1) returned 0x1 [0049.345] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.346] GetLastError () returned 0x2 [0049.346] SetErrorMode (uMode=0x1) returned 0x1 [0049.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.346] GetLastError () returned 0x2 [0049.346] SetErrorMode (uMode=0x1) returned 0x1 [0049.346] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.346] GetLastError () returned 0x2 [0049.346] SetErrorMode (uMode=0x1) returned 0x1 [0049.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.346] GetLastError () returned 0x2 [0049.346] SetErrorMode (uMode=0x1) returned 0x1 [0049.346] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JSE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.346] GetLastError () returned 0x2 [0049.346] SetErrorMode (uMode=0x1) returned 0x1 [0049.346] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.347] GetLastError () returned 0x2 [0049.347] SetErrorMode (uMode=0x1) returned 0x1 [0049.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSF", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.347] GetLastError () returned 0x2 [0049.347] SetErrorMode (uMode=0x1) returned 0x1 [0049.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.347] GetLastError () returned 0x2 [0049.347] SetErrorMode (uMode=0x1) returned 0x1 [0049.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSH", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.347] GetLastError () returned 0x2 [0049.347] SetErrorMode (uMode=0x1) returned 0x1 [0049.347] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.347] GetLastError () returned 0x2 [0049.347] SetErrorMode (uMode=0x1) returned 0x1 [0049.347] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.MSC", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.348] GetLastError () returned 0x2 [0049.348] SetErrorMode (uMode=0x1) returned 0x1 [0049.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0049.348] GetLastError () returned 0x2 [0049.348] SetErrorMode (uMode=0x1) returned 0x1 [0049.348] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.348] GetLastError () returned 0x2 [0049.348] SetErrorMode (uMode=0x1) returned 0x1 [0049.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.348] GetLastError () returned 0x2 [0049.348] SetErrorMode (uMode=0x1) returned 0x1 [0049.348] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.ps1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.349] GetLastError () returned 0x2 [0049.349] SetErrorMode (uMode=0x1) returned 0x1 [0049.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.349] GetLastError () returned 0x2 [0049.349] SetErrorMode (uMode=0x1) returned 0x1 [0049.349] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psm1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.349] GetLastError () returned 0x2 [0049.349] SetErrorMode (uMode=0x1) returned 0x1 [0049.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.349] GetLastError () returned 0x2 [0049.349] SetErrorMode (uMode=0x1) returned 0x1 [0049.349] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psd1", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.349] GetLastError () returned 0x2 [0049.349] SetErrorMode (uMode=0x1) returned 0x1 [0049.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.350] GetLastError () returned 0x2 [0049.350] SetErrorMode (uMode=0x1) returned 0x1 [0049.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.COM", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.350] GetLastError () returned 0x2 [0049.350] SetErrorMode (uMode=0x1) returned 0x1 [0049.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.350] GetLastError () returned 0x2 [0049.350] SetErrorMode (uMode=0x1) returned 0x1 [0049.350] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.EXE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.350] GetLastError () returned 0x2 [0049.350] SetErrorMode (uMode=0x1) returned 0x1 [0049.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.350] GetLastError () returned 0x2 [0049.350] SetErrorMode (uMode=0x1) returned 0x1 [0049.351] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.BAT", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.351] GetLastError () returned 0x2 [0049.351] SetErrorMode (uMode=0x1) returned 0x1 [0049.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.351] GetLastError () returned 0x2 [0049.351] SetErrorMode (uMode=0x1) returned 0x1 [0049.351] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.CMD", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.351] GetLastError () returned 0x2 [0049.351] SetErrorMode (uMode=0x1) returned 0x1 [0049.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.351] GetLastError () returned 0x2 [0049.351] SetErrorMode (uMode=0x1) returned 0x1 [0049.351] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.352] GetLastError () returned 0x2 [0049.352] SetErrorMode (uMode=0x1) returned 0x1 [0049.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.352] GetLastError () returned 0x2 [0049.352] SetErrorMode (uMode=0x1) returned 0x1 [0049.352] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.352] GetLastError () returned 0x2 [0049.352] SetErrorMode (uMode=0x1) returned 0x1 [0049.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.352] GetLastError () returned 0x2 [0049.352] SetErrorMode (uMode=0x1) returned 0x1 [0049.352] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JS", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.352] GetLastError () returned 0x2 [0049.353] SetErrorMode (uMode=0x1) returned 0x1 [0049.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.353] GetLastError () returned 0x2 [0049.353] SetErrorMode (uMode=0x1) returned 0x1 [0049.353] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JSE", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.353] GetLastError () returned 0x2 [0049.353] SetErrorMode (uMode=0x1) returned 0x1 [0049.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.353] GetLastError () returned 0x2 [0049.353] SetErrorMode (uMode=0x1) returned 0x1 [0049.353] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSF", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.354] GetLastError () returned 0x2 [0049.354] SetErrorMode (uMode=0x1) returned 0x1 [0049.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.354] GetLastError () returned 0x2 [0049.354] SetErrorMode (uMode=0x1) returned 0x1 [0049.354] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSH", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.354] GetLastError () returned 0x2 [0049.354] SetErrorMode (uMode=0x1) returned 0x1 [0049.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.354] GetLastError () returned 0x2 [0049.354] SetErrorMode (uMode=0x1) returned 0x1 [0049.354] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.MSC", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.354] GetLastError () returned 0x2 [0049.354] SetErrorMode (uMode=0x1) returned 0x1 [0049.355] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5e2eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0049.355] GetLastError () returned 0x2 [0049.355] SetErrorMode (uMode=0x1) returned 0x1 [0049.355] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference", lpFindFileData=0x3cac58 | out: lpFindFileData=0x3cac58*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0049.355] GetLastError () returned 0x2 [0049.355] SetErrorMode (uMode=0x1) returned 0x1 [0049.359] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.359] GetLastError () returned 0xcb [0049.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2eb7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.361] GetLastError () returned 0x2 [0049.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2eb2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.362] GetLastError () returned 0x2 [0049.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2eb2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.362] GetLastError () returned 0x2 [0049.362] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2eb2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.362] GetLastError () returned 0x2 [0049.415] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.415] GetLastError () returned 0xcb [0049.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.603] GetLastError () returned 0xcb [0049.607] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.607] GetLastError () returned 0xcb [0049.631] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.631] GetLastError () returned 0xcb [0049.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.652] GetLastError () returned 0xcb [0049.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.654] GetLastError () returned 0xcb [0049.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.669] GetLastError () returned 0xcb [0049.771] VirtualQuery (in: lpAddress=0x5e2db7c, lpBuffer=0x5e2eb7c, dwLength=0x1c | out: lpBuffer=0x5e2eb7c*(BaseAddress=0x5e2d000, AllocationBase=0x54a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.789] GetLastError () returned 0xcb [0049.839] VirtualQuery (in: lpAddress=0x5e2db7c, lpBuffer=0x5e2eb7c, dwLength=0x1c | out: lpBuffer=0x5e2eb7c*(BaseAddress=0x5e2d000, AllocationBase=0x54a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0049.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.843] GetLastError () returned 0xcb [0049.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.843] GetLastError () returned 0xcb [0049.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.843] GetLastError () returned 0xcb [0049.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.843] GetLastError () returned 0xcb [0049.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.867] GetLastError () returned 0xcb [0049.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.867] GetLastError () returned 0xcb [0049.867] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.867] GetLastError () returned 0xcb [0049.903] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0049.903] GetLastError () returned 0xcb [0049.903] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5e2e6c0 | out: lpConsoleScreenBufferInfo=0x5e2e6c0) returned 1 [0049.904] GetLastError () returned 0xcb [0049.906] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.906] GetLastError () returned 0xcb [0049.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.911] GetLastError () returned 0xcb [0049.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.911] GetLastError () returned 0xcb [0049.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5e2e1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0049.911] GetLastError () returned 0xcb [0050.005] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x3c9ab8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.005] GetLastError () returned 0xcb [0050.078] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0050.079] GetLastError () returned 0xcb [0050.079] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5e2edd4 | out: lpConsoleScreenBufferInfo=0x5e2edd4) returned 1 [0050.079] GetLastError () returned 0xcb [0050.082] GetConsoleOutputCP () returned 0x1b5 [0050.084] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.084] GetLastError () returned 0xcb [0050.085] GetConsoleOutputCP () returned 0x1b5 [0050.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.085] GetLastError () returned 0xcb [0050.085] GetConsoleOutputCP () returned 0x1b5 [0050.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.085] GetLastError () returned 0xcb [0050.085] GetConsoleOutputCP () returned 0x1b5 [0050.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.085] GetLastError () returned 0xcb [0050.085] GetConsoleOutputCP () returned 0x1b5 [0050.085] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.085] GetLastError () returned 0xcb [0050.085] GetConsoleOutputCP () returned 0x1b5 [0050.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.086] GetLastError () returned 0xcb [0050.086] GetConsoleOutputCP () returned 0x1b5 [0050.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.086] GetLastError () returned 0xcb [0050.086] GetConsoleOutputCP () returned 0x1b5 [0050.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.086] GetLastError () returned 0xcb [0050.086] GetConsoleOutputCP () returned 0x1b5 [0050.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.086] GetLastError () returned 0xcb [0050.086] GetConsoleOutputCP () returned 0x1b5 [0050.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.086] GetLastError () returned 0xcb [0050.086] GetConsoleOutputCP () returned 0x1b5 [0050.086] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.086] GetLastError () returned 0xcb [0050.086] GetConsoleOutputCP () returned 0x1b5 [0050.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.087] GetLastError () returned 0xcb [0050.087] GetConsoleOutputCP () returned 0x1b5 [0050.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.087] GetLastError () returned 0xcb [0050.087] GetConsoleOutputCP () returned 0x1b5 [0050.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.087] GetLastError () returned 0xcb [0050.087] GetConsoleOutputCP () returned 0x1b5 [0050.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.087] GetLastError () returned 0xcb [0050.087] GetConsoleOutputCP () returned 0x1b5 [0050.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.087] GetLastError () returned 0xcb [0050.087] GetConsoleOutputCP () returned 0x1b5 [0050.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.087] GetLastError () returned 0xcb [0050.087] GetConsoleOutputCP () returned 0x1b5 [0050.087] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.088] GetLastError () returned 0xcb [0050.088] GetConsoleOutputCP () returned 0x1b5 [0050.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.088] GetLastError () returned 0xcb [0050.088] GetConsoleOutputCP () returned 0x1b5 [0050.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.088] GetLastError () returned 0xcb [0050.088] GetConsoleOutputCP () returned 0x1b5 [0050.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.088] GetLastError () returned 0xcb [0050.088] GetConsoleOutputCP () returned 0x1b5 [0050.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.088] GetLastError () returned 0xcb [0050.088] GetConsoleOutputCP () returned 0x1b5 [0050.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.088] GetLastError () returned 0xcb [0050.088] GetConsoleOutputCP () returned 0x1b5 [0050.088] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.088] GetLastError () returned 0xcb [0050.088] GetConsoleOutputCP () returned 0x1b5 [0050.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.089] GetLastError () returned 0xcb [0050.089] GetConsoleOutputCP () returned 0x1b5 [0050.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.089] GetLastError () returned 0xcb [0050.089] GetConsoleOutputCP () returned 0x1b5 [0050.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.089] GetLastError () returned 0xcb [0050.089] GetConsoleOutputCP () returned 0x1b5 [0050.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.089] GetLastError () returned 0xcb [0050.089] GetConsoleOutputCP () returned 0x1b5 [0050.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.089] GetLastError () returned 0xcb [0050.089] GetConsoleOutputCP () returned 0x1b5 [0050.089] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.089] GetLastError () returned 0xcb [0050.089] GetConsoleOutputCP () returned 0x1b5 [0050.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.090] GetLastError () returned 0xcb [0050.090] GetConsoleOutputCP () returned 0x1b5 [0050.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.090] GetLastError () returned 0xcb [0050.090] GetConsoleOutputCP () returned 0x1b5 [0050.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.090] GetLastError () returned 0xcb [0050.090] GetConsoleOutputCP () returned 0x1b5 [0050.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.090] GetLastError () returned 0xcb [0050.090] GetConsoleOutputCP () returned 0x1b5 [0050.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.090] GetLastError () returned 0xcb [0050.090] GetConsoleOutputCP () returned 0x1b5 [0050.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.090] GetLastError () returned 0xcb [0050.090] GetConsoleOutputCP () returned 0x1b5 [0050.090] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.090] GetLastError () returned 0xcb [0050.090] GetConsoleOutputCP () returned 0x1b5 [0050.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.091] GetLastError () returned 0xcb [0050.091] GetConsoleOutputCP () returned 0x1b5 [0050.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.091] GetLastError () returned 0xcb [0050.091] GetConsoleOutputCP () returned 0x1b5 [0050.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.091] GetLastError () returned 0xcb [0050.091] GetConsoleOutputCP () returned 0x1b5 [0050.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.091] GetLastError () returned 0xcb [0050.091] GetConsoleOutputCP () returned 0x1b5 [0050.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.091] GetLastError () returned 0xcb [0050.091] GetConsoleOutputCP () returned 0x1b5 [0050.091] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.091] GetLastError () returned 0xcb [0050.091] GetConsoleOutputCP () returned 0x1b5 [0050.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.092] GetLastError () returned 0xcb [0050.092] GetConsoleOutputCP () returned 0x1b5 [0050.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.092] GetLastError () returned 0xcb [0050.092] GetConsoleOutputCP () returned 0x1b5 [0050.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.092] GetLastError () returned 0xcb [0050.092] GetConsoleOutputCP () returned 0x1b5 [0050.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.092] GetLastError () returned 0xcb [0050.092] GetConsoleOutputCP () returned 0x1b5 [0050.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.092] GetLastError () returned 0xcb [0050.092] GetConsoleOutputCP () returned 0x1b5 [0050.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.092] GetLastError () returned 0xcb [0050.092] GetConsoleOutputCP () returned 0x1b5 [0050.092] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.093] GetLastError () returned 0xcb [0050.093] GetConsoleOutputCP () returned 0x1b5 [0050.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.093] GetLastError () returned 0xcb [0050.093] GetConsoleOutputCP () returned 0x1b5 [0050.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.093] GetLastError () returned 0xcb [0050.093] GetConsoleOutputCP () returned 0x1b5 [0050.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.093] GetLastError () returned 0xcb [0050.093] GetConsoleOutputCP () returned 0x1b5 [0050.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.093] GetLastError () returned 0xcb [0050.093] GetConsoleOutputCP () returned 0x1b5 [0050.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.093] GetLastError () returned 0xcb [0050.093] GetConsoleOutputCP () returned 0x1b5 [0050.093] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.093] GetLastError () returned 0xcb [0050.093] GetConsoleOutputCP () returned 0x1b5 [0050.094] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.094] GetLastError () returned 0xcb [0050.094] GetConsoleOutputCP () returned 0x1b5 [0050.094] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.094] GetLastError () returned 0xcb [0050.094] GetConsoleOutputCP () returned 0x1b5 [0050.094] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.094] GetLastError () returned 0xcb [0050.094] GetConsoleOutputCP () returned 0x1b5 [0050.094] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.094] GetLastError () returned 0xcb [0050.094] GetConsoleOutputCP () returned 0x1b5 [0050.094] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.094] GetLastError () returned 0xcb [0050.094] GetConsoleOutputCP () returned 0x1b5 [0050.094] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.094] GetLastError () returned 0xcb [0050.094] GetConsoleOutputCP () returned 0x1b5 [0050.095] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.095] GetLastError () returned 0xcb [0050.095] GetConsoleOutputCP () returned 0x1b5 [0050.095] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.095] GetLastError () returned 0xcb [0050.095] GetConsoleOutputCP () returned 0x1b5 [0050.095] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.095] GetLastError () returned 0xcb [0050.095] GetConsoleOutputCP () returned 0x1b5 [0050.095] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.095] GetLastError () returned 0xcb [0050.095] GetConsoleOutputCP () returned 0x1b5 [0050.095] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.095] GetLastError () returned 0xcb [0050.095] GetConsoleOutputCP () returned 0x1b5 [0050.095] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.095] GetLastError () returned 0xcb [0050.095] GetConsoleOutputCP () returned 0x1b5 [0050.095] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.095] GetLastError () returned 0xcb [0050.095] GetConsoleOutputCP () returned 0x1b5 [0050.096] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.096] GetLastError () returned 0xcb [0050.096] GetConsoleOutputCP () returned 0x1b5 [0050.096] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.096] GetLastError () returned 0xcb [0050.096] GetConsoleOutputCP () returned 0x1b5 [0050.096] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.096] GetLastError () returned 0xcb [0050.096] GetConsoleOutputCP () returned 0x1b5 [0050.096] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.096] GetLastError () returned 0xcb [0050.096] GetConsoleOutputCP () returned 0x1b5 [0050.096] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.096] GetLastError () returned 0xcb [0050.096] GetConsoleOutputCP () returned 0x1b5 [0050.096] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.096] GetLastError () returned 0xcb [0050.096] GetConsoleOutputCP () returned 0x1b5 [0050.097] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.097] GetLastError () returned 0xcb [0050.097] GetConsoleOutputCP () returned 0x1b5 [0050.097] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.097] GetLastError () returned 0xcb [0050.097] GetConsoleOutputCP () returned 0x1b5 [0050.097] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.097] GetLastError () returned 0xcb [0050.097] GetConsoleOutputCP () returned 0x1b5 [0050.097] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.097] GetLastError () returned 0xcb [0050.097] GetConsoleOutputCP () returned 0x1b5 [0050.097] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.097] GetLastError () returned 0xcb [0050.097] GetConsoleOutputCP () returned 0x1b5 [0050.097] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.097] GetLastError () returned 0xcb [0050.097] GetConsoleOutputCP () returned 0x1b5 [0050.097] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.098] GetLastError () returned 0xcb [0050.098] GetConsoleOutputCP () returned 0x1b5 [0050.098] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.098] GetLastError () returned 0xcb [0050.098] GetConsoleOutputCP () returned 0x1b5 [0050.098] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.098] GetLastError () returned 0xcb [0050.098] GetConsoleOutputCP () returned 0x1b5 [0050.098] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.098] GetLastError () returned 0xcb [0050.098] GetConsoleOutputCP () returned 0x1b5 [0050.098] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.098] GetLastError () returned 0xcb [0050.098] GetConsoleOutputCP () returned 0x1b5 [0050.098] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.098] GetLastError () returned 0xcb [0050.098] GetConsoleOutputCP () returned 0x1b5 [0050.098] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.098] GetLastError () returned 0xcb [0050.098] GetConsoleOutputCP () returned 0x1b5 [0050.099] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.099] GetLastError () returned 0xcb [0050.099] GetConsoleOutputCP () returned 0x1b5 [0050.099] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.099] GetLastError () returned 0xcb [0050.099] GetConsoleOutputCP () returned 0x1b5 [0050.099] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.099] GetLastError () returned 0xcb [0050.099] GetConsoleOutputCP () returned 0x1b5 [0050.099] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.099] GetLastError () returned 0xcb [0050.099] GetConsoleOutputCP () returned 0x1b5 [0050.099] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.099] GetLastError () returned 0xcb [0050.099] GetConsoleOutputCP () returned 0x1b5 [0050.099] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.099] GetLastError () returned 0xcb [0050.099] GetConsoleOutputCP () returned 0x1b5 [0050.100] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.100] GetLastError () returned 0xcb [0050.100] GetConsoleOutputCP () returned 0x1b5 [0050.100] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.100] GetLastError () returned 0xcb [0050.100] GetConsoleOutputCP () returned 0x1b5 [0050.100] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.100] GetLastError () returned 0xcb [0050.100] GetConsoleOutputCP () returned 0x1b5 [0050.100] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.100] GetLastError () returned 0xcb [0050.100] GetConsoleOutputCP () returned 0x1b5 [0050.100] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.100] GetLastError () returned 0xcb [0050.100] GetConsoleOutputCP () returned 0x1b5 [0050.100] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.100] GetLastError () returned 0xcb [0050.100] GetConsoleOutputCP () returned 0x1b5 [0050.100] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.100] GetLastError () returned 0xcb [0050.100] GetConsoleOutputCP () returned 0x1b5 [0050.101] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.101] GetLastError () returned 0xcb [0050.101] GetConsoleOutputCP () returned 0x1b5 [0050.101] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.101] GetLastError () returned 0xcb [0050.101] GetConsoleOutputCP () returned 0x1b5 [0050.101] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.101] GetLastError () returned 0xcb [0050.101] GetConsoleOutputCP () returned 0x1b5 [0050.101] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.101] GetLastError () returned 0xcb [0050.101] GetConsoleOutputCP () returned 0x1b5 [0050.101] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.101] GetLastError () returned 0xcb [0050.101] GetConsoleOutputCP () returned 0x1b5 [0050.101] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.101] GetLastError () returned 0xcb [0050.101] GetConsoleOutputCP () returned 0x1b5 [0050.102] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.102] GetLastError () returned 0xcb [0050.102] GetConsoleOutputCP () returned 0x1b5 [0050.102] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.102] GetLastError () returned 0xcb [0050.102] GetConsoleOutputCP () returned 0x1b5 [0050.102] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.102] GetLastError () returned 0xcb [0050.102] GetConsoleOutputCP () returned 0x1b5 [0050.102] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.102] GetLastError () returned 0xcb [0050.102] GetConsoleOutputCP () returned 0x1b5 [0050.102] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.102] GetLastError () returned 0xcb [0050.102] GetConsoleOutputCP () returned 0x1b5 [0050.103] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.103] GetLastError () returned 0xcb [0050.103] GetConsoleOutputCP () returned 0x1b5 [0050.103] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.103] GetLastError () returned 0xcb [0050.103] GetConsoleOutputCP () returned 0x1b5 [0050.103] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.103] GetLastError () returned 0xcb [0050.103] GetConsoleOutputCP () returned 0x1b5 [0050.103] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.103] GetLastError () returned 0xcb [0050.103] GetConsoleOutputCP () returned 0x1b5 [0050.103] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.103] GetLastError () returned 0xcb [0050.103] GetConsoleOutputCP () returned 0x1b5 [0050.103] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.103] GetLastError () returned 0xcb [0050.103] GetConsoleOutputCP () returned 0x1b5 [0050.103] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.104] GetLastError () returned 0xcb [0050.104] GetConsoleOutputCP () returned 0x1b5 [0050.104] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.104] GetLastError () returned 0xcb [0050.104] GetConsoleOutputCP () returned 0x1b5 [0050.104] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.104] GetLastError () returned 0xcb [0050.104] GetConsoleOutputCP () returned 0x1b5 [0050.104] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.104] GetLastError () returned 0xcb [0050.104] GetConsoleOutputCP () returned 0x1b5 [0050.104] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.104] GetLastError () returned 0xcb [0050.104] GetConsoleOutputCP () returned 0x1b5 [0050.104] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.104] GetLastError () returned 0xcb [0050.104] GetConsoleOutputCP () returned 0x1b5 [0050.104] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.104] GetLastError () returned 0xcb [0050.104] GetConsoleOutputCP () returned 0x1b5 [0050.105] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.105] GetLastError () returned 0xcb [0050.105] GetConsoleOutputCP () returned 0x1b5 [0050.105] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.105] GetLastError () returned 0xcb [0050.105] GetConsoleOutputCP () returned 0x1b5 [0050.105] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.105] GetLastError () returned 0xcb [0050.105] GetConsoleOutputCP () returned 0x1b5 [0050.105] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.105] GetLastError () returned 0xcb [0050.105] GetConsoleOutputCP () returned 0x1b5 [0050.105] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.105] GetLastError () returned 0xcb [0050.105] GetConsoleOutputCP () returned 0x1b5 [0050.105] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.105] GetLastError () returned 0xcb [0050.105] GetConsoleOutputCP () returned 0x1b5 [0050.106] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.106] GetLastError () returned 0xcb [0050.106] GetConsoleOutputCP () returned 0x1b5 [0050.106] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.106] GetLastError () returned 0xcb [0050.106] GetConsoleOutputCP () returned 0x1b5 [0050.106] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.106] GetLastError () returned 0xcb [0050.106] GetConsoleOutputCP () returned 0x1b5 [0050.106] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.106] GetLastError () returned 0xcb [0050.106] GetConsoleOutputCP () returned 0x1b5 [0050.106] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.106] GetLastError () returned 0xcb [0050.106] GetConsoleOutputCP () returned 0x1b5 [0050.106] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.106] GetLastError () returned 0xcb [0050.106] GetConsoleOutputCP () returned 0x1b5 [0050.106] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.106] GetLastError () returned 0xcb [0050.107] GetConsoleOutputCP () returned 0x1b5 [0050.107] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.107] GetLastError () returned 0xcb [0050.107] GetConsoleOutputCP () returned 0x1b5 [0050.107] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.107] GetLastError () returned 0xcb [0050.107] GetConsoleOutputCP () returned 0x1b5 [0050.107] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.107] GetLastError () returned 0xcb [0050.107] GetConsoleOutputCP () returned 0x1b5 [0050.107] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.107] GetLastError () returned 0xcb [0050.107] GetConsoleOutputCP () returned 0x1b5 [0050.107] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.107] GetLastError () returned 0xcb [0050.107] GetConsoleOutputCP () returned 0x1b5 [0050.107] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.107] GetLastError () returned 0xcb [0050.107] GetConsoleOutputCP () returned 0x1b5 [0050.108] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.108] GetLastError () returned 0xcb [0050.108] GetConsoleOutputCP () returned 0x1b5 [0050.108] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.108] GetLastError () returned 0xcb [0050.108] GetConsoleOutputCP () returned 0x1b5 [0050.108] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.108] GetLastError () returned 0xcb [0050.108] GetConsoleOutputCP () returned 0x1b5 [0050.108] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.108] GetLastError () returned 0xcb [0050.108] GetConsoleOutputCP () returned 0x1b5 [0050.108] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.108] GetLastError () returned 0xcb [0050.108] GetConsoleOutputCP () returned 0x1b5 [0050.108] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.108] GetLastError () returned 0xcb [0050.108] GetConsoleOutputCP () returned 0x1b5 [0050.108] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.109] GetLastError () returned 0xcb [0050.109] GetConsoleOutputCP () returned 0x1b5 [0050.109] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.109] GetLastError () returned 0xcb [0050.109] GetConsoleOutputCP () returned 0x1b5 [0050.109] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.109] GetLastError () returned 0xcb [0050.109] GetConsoleOutputCP () returned 0x1b5 [0050.109] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.109] GetLastError () returned 0xcb [0050.109] GetConsoleOutputCP () returned 0x1b5 [0050.109] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.109] GetLastError () returned 0xcb [0050.109] GetConsoleOutputCP () returned 0x1b5 [0050.109] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.109] GetLastError () returned 0xcb [0050.109] GetConsoleOutputCP () returned 0x1b5 [0050.109] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.109] GetLastError () returned 0xcb [0050.109] GetConsoleOutputCP () returned 0x1b5 [0050.110] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.110] GetLastError () returned 0xcb [0050.110] GetConsoleOutputCP () returned 0x1b5 [0050.110] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.110] GetLastError () returned 0xcb [0050.110] GetConsoleOutputCP () returned 0x1b5 [0050.110] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.110] GetLastError () returned 0xcb [0050.110] GetConsoleOutputCP () returned 0x1b5 [0050.110] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.110] GetLastError () returned 0xcb [0050.110] GetConsoleOutputCP () returned 0x1b5 [0050.110] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.110] GetLastError () returned 0xcb [0050.110] GetConsoleOutputCP () returned 0x1b5 [0050.110] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.110] GetLastError () returned 0xcb [0050.110] GetConsoleOutputCP () returned 0x1b5 [0050.111] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.111] GetLastError () returned 0xcb [0050.111] GetConsoleOutputCP () returned 0x1b5 [0050.111] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.111] GetLastError () returned 0xcb [0050.111] GetConsoleOutputCP () returned 0x1b5 [0050.111] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.111] GetLastError () returned 0xcb [0050.111] GetConsoleOutputCP () returned 0x1b5 [0050.111] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.111] GetLastError () returned 0xcb [0050.111] GetConsoleOutputCP () returned 0x1b5 [0050.111] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.111] GetLastError () returned 0xcb [0050.111] GetConsoleOutputCP () returned 0x1b5 [0050.111] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.111] GetLastError () returned 0xcb [0050.111] GetConsoleOutputCP () returned 0x1b5 [0050.111] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.111] GetLastError () returned 0xcb [0050.111] GetConsoleOutputCP () returned 0x1b5 [0050.112] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.112] GetLastError () returned 0xcb [0050.112] GetConsoleOutputCP () returned 0x1b5 [0050.112] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.112] GetLastError () returned 0xcb [0050.112] GetConsoleOutputCP () returned 0x1b5 [0050.112] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.112] GetLastError () returned 0xcb [0050.112] GetConsoleOutputCP () returned 0x1b5 [0050.112] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.112] GetLastError () returned 0xcb [0050.112] GetConsoleOutputCP () returned 0x1b5 [0050.112] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.112] GetLastError () returned 0xcb [0050.112] GetConsoleOutputCP () returned 0x1b5 [0050.112] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.112] GetLastError () returned 0xcb [0050.112] GetConsoleOutputCP () returned 0x1b5 [0050.113] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.113] GetLastError () returned 0xcb [0050.113] GetConsoleOutputCP () returned 0x1b5 [0050.113] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.113] GetLastError () returned 0xcb [0050.113] GetConsoleOutputCP () returned 0x1b5 [0050.113] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.113] GetLastError () returned 0xcb [0050.113] GetConsoleOutputCP () returned 0x1b5 [0050.113] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.113] GetLastError () returned 0xcb [0050.113] GetConsoleOutputCP () returned 0x1b5 [0050.113] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.113] GetLastError () returned 0xcb [0050.113] GetConsoleOutputCP () returned 0x1b5 [0050.113] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.113] GetLastError () returned 0xcb [0050.113] GetConsoleOutputCP () returned 0x1b5 [0050.113] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.113] GetLastError () returned 0xcb [0050.114] GetConsoleOutputCP () returned 0x1b5 [0050.114] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.114] GetLastError () returned 0xcb [0050.114] GetConsoleOutputCP () returned 0x1b5 [0050.114] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.114] GetLastError () returned 0xcb [0050.114] GetConsoleOutputCP () returned 0x1b5 [0050.114] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.114] GetLastError () returned 0xcb [0050.114] GetConsoleOutputCP () returned 0x1b5 [0050.114] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.114] GetLastError () returned 0xcb [0050.114] GetConsoleOutputCP () returned 0x1b5 [0050.114] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.114] GetLastError () returned 0xcb [0050.114] GetConsoleOutputCP () returned 0x1b5 [0050.114] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.114] GetLastError () returned 0xcb [0050.114] GetConsoleOutputCP () returned 0x1b5 [0050.115] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.115] GetLastError () returned 0xcb [0050.115] GetConsoleOutputCP () returned 0x1b5 [0050.115] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.115] GetLastError () returned 0xcb [0050.115] GetConsoleOutputCP () returned 0x1b5 [0050.115] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.115] GetLastError () returned 0xcb [0050.115] GetConsoleOutputCP () returned 0x1b5 [0050.115] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.115] GetLastError () returned 0xcb [0050.115] GetConsoleOutputCP () returned 0x1b5 [0050.115] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.115] GetLastError () returned 0xcb [0050.115] GetConsoleOutputCP () returned 0x1b5 [0050.115] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.115] GetLastError () returned 0xcb [0050.115] GetConsoleOutputCP () returned 0x1b5 [0050.115] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.116] GetLastError () returned 0xcb [0050.116] GetConsoleOutputCP () returned 0x1b5 [0050.116] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.116] GetLastError () returned 0xcb [0050.116] GetConsoleOutputCP () returned 0x1b5 [0050.116] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.116] GetLastError () returned 0xcb [0050.116] GetConsoleOutputCP () returned 0x1b5 [0050.116] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.116] GetLastError () returned 0xcb [0050.116] GetConsoleOutputCP () returned 0x1b5 [0050.116] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.116] GetLastError () returned 0xcb [0050.116] GetConsoleOutputCP () returned 0x1b5 [0050.116] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.116] GetLastError () returned 0xcb [0050.116] GetConsoleOutputCP () returned 0x1b5 [0050.116] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.116] GetLastError () returned 0xcb [0050.116] GetConsoleOutputCP () returned 0x1b5 [0050.117] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.117] GetLastError () returned 0xcb [0050.117] GetConsoleOutputCP () returned 0x1b5 [0050.117] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.117] GetLastError () returned 0xcb [0050.117] GetConsoleOutputCP () returned 0x1b5 [0050.117] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.117] GetLastError () returned 0xcb [0050.117] GetConsoleOutputCP () returned 0x1b5 [0050.117] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.117] GetLastError () returned 0xcb [0050.117] GetConsoleOutputCP () returned 0x1b5 [0050.117] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.117] GetLastError () returned 0xcb [0050.118] GetConsoleOutputCP () returned 0x1b5 [0050.118] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.118] GetLastError () returned 0xcb [0050.118] GetConsoleOutputCP () returned 0x1b5 [0050.118] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.118] GetLastError () returned 0xcb [0050.118] GetConsoleOutputCP () returned 0x1b5 [0050.118] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.118] GetLastError () returned 0xcb [0050.118] GetConsoleOutputCP () returned 0x1b5 [0050.118] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.118] GetLastError () returned 0xcb [0050.118] GetConsoleOutputCP () returned 0x1b5 [0050.118] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.118] GetLastError () returned 0xcb [0050.118] GetConsoleOutputCP () returned 0x1b5 [0050.118] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.118] GetLastError () returned 0xcb [0050.118] GetConsoleOutputCP () returned 0x1b5 [0050.119] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.119] GetLastError () returned 0xcb [0050.119] GetConsoleOutputCP () returned 0x1b5 [0050.119] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.119] GetLastError () returned 0xcb [0050.119] GetConsoleOutputCP () returned 0x1b5 [0050.119] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.119] GetLastError () returned 0xcb [0050.119] GetConsoleOutputCP () returned 0x1b5 [0050.119] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.119] GetLastError () returned 0xcb [0050.119] GetConsoleOutputCP () returned 0x1b5 [0050.119] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.119] GetLastError () returned 0xcb [0050.119] GetConsoleOutputCP () returned 0x1b5 [0050.119] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.119] GetLastError () returned 0xcb [0050.119] GetConsoleOutputCP () returned 0x1b5 [0050.119] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.119] GetLastError () returned 0xcb [0050.120] GetConsoleOutputCP () returned 0x1b5 [0050.120] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.120] GetLastError () returned 0xcb [0050.120] GetConsoleOutputCP () returned 0x1b5 [0050.120] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.120] GetLastError () returned 0xcb [0050.120] GetConsoleOutputCP () returned 0x1b5 [0050.120] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.120] GetLastError () returned 0xcb [0050.120] GetConsoleOutputCP () returned 0x1b5 [0050.120] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.120] GetLastError () returned 0xcb [0050.120] GetConsoleOutputCP () returned 0x1b5 [0050.120] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.120] GetLastError () returned 0xcb [0050.120] GetConsoleOutputCP () returned 0x1b5 [0050.120] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.120] GetLastError () returned 0xcb [0050.120] GetConsoleOutputCP () returned 0x1b5 [0050.121] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.121] GetLastError () returned 0xcb [0050.121] GetConsoleOutputCP () returned 0x1b5 [0050.121] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.121] GetLastError () returned 0xcb [0050.121] GetConsoleOutputCP () returned 0x1b5 [0050.121] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.121] GetLastError () returned 0xcb [0050.121] GetConsoleOutputCP () returned 0x1b5 [0050.121] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.121] GetLastError () returned 0xcb [0050.121] GetConsoleOutputCP () returned 0x1b5 [0050.121] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.121] GetLastError () returned 0xcb [0050.121] GetConsoleOutputCP () returned 0x1b5 [0050.121] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.121] GetLastError () returned 0xcb [0050.121] GetConsoleOutputCP () returned 0x1b5 [0050.121] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.121] GetLastError () returned 0xcb [0050.122] GetConsoleOutputCP () returned 0x1b5 [0050.122] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.122] GetLastError () returned 0xcb [0050.122] GetConsoleOutputCP () returned 0x1b5 [0050.122] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.122] GetLastError () returned 0xcb [0050.122] GetConsoleOutputCP () returned 0x1b5 [0050.122] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.122] GetLastError () returned 0xcb [0050.122] GetConsoleOutputCP () returned 0x1b5 [0050.122] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.122] GetLastError () returned 0xcb [0050.122] GetConsoleOutputCP () returned 0x1b5 [0050.122] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.122] GetLastError () returned 0xcb [0050.122] GetConsoleOutputCP () returned 0x1b5 [0050.122] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.122] GetLastError () returned 0xcb [0050.122] GetConsoleOutputCP () returned 0x1b5 [0050.123] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.123] GetLastError () returned 0xcb [0050.123] GetConsoleOutputCP () returned 0x1b5 [0050.123] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.123] GetLastError () returned 0xcb [0050.123] GetConsoleOutputCP () returned 0x1b5 [0050.123] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.123] GetLastError () returned 0xcb [0050.123] GetConsoleOutputCP () returned 0x1b5 [0050.123] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.123] GetLastError () returned 0xcb [0050.123] GetConsoleOutputCP () returned 0x1b5 [0050.123] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.123] GetLastError () returned 0xcb [0050.123] GetConsoleOutputCP () returned 0x1b5 [0050.123] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.123] GetLastError () returned 0xcb [0050.123] GetConsoleOutputCP () returned 0x1b5 [0050.124] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.124] GetLastError () returned 0xcb [0050.124] GetConsoleOutputCP () returned 0x1b5 [0050.124] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.124] GetLastError () returned 0xcb [0050.124] GetConsoleOutputCP () returned 0x1b5 [0050.124] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed30) returned 0 [0050.124] GetLastError () returned 0xcb [0050.129] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0050.129] GetLastError () returned 0xcb [0050.129] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.129] GetLastError () returned 0xcb [0050.129] GetConsoleOutputCP () returned 0x1b5 [0050.129] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.129] GetLastError () returned 0xcb [0050.131] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0050.131] GetLastError () returned 0xcb [0050.131] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x5e2ed80 | out: lpMode=0x5e2ed80) returned 0 [0050.132] GetLastError () returned 0x6 [0050.135] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0050.136] GetLastError () returned 0x6 [0050.136] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.137] GetLastError () returned 0x6 [0050.140] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0050.140] GetLastError () returned 0x6 [0050.140] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.140] GetLastError () returned 0x6 [0050.146] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0050.146] GetLastError () returned 0x6 [0050.146] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.146] GetLastError () returned 0x6 [0050.148] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0050.148] GetLastError () returned 0x6 [0050.151] CloseHandle (hObject=0x23) returned 1 [0050.152] GetLastError () returned 0x6 [0050.155] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0050.155] GetLastError () returned 0x6 [0050.155] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.155] GetLastError () returned 0x6 [0050.155] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0050.155] GetLastError () returned 0x6 [0050.156] CloseHandle (hObject=0x23) returned 1 [0050.156] GetLastError () returned 0x6 [0050.156] GetStdHandle (nStdHandle=0xfffffff5) returned 0x360 [0050.156] GetLastError () returned 0x6 [0050.156] GetConsoleMode (in: hConsoleHandle=0x360, lpMode=0x5e2ed18 | out: lpMode=0x5e2ed18) returned 0 [0050.157] GetLastError () returned 0x6 [0050.157] GetConsoleOutputCP () returned 0x1b5 [0050.161] GetFileType (hFile=0x360) returned 0x3 [0050.163] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x4f, lpOverlapped=0x0) returned 1 [0050.164] GetLastError () returned 0x0 [0050.167] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0050.169] GetLastError () returned 0x0 [0050.169] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.169] GetLastError () returned 0x0 [0050.169] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0050.169] GetLastError () returned 0x0 [0050.169] CloseHandle (hObject=0x23) returned 1 [0050.170] GetLastError () returned 0x0 [0050.173] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0050.173] GetLastError () returned 0x0 [0050.173] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.173] GetLastError () returned 0x0 [0050.173] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0050.173] GetLastError () returned 0x0 [0050.173] CloseHandle (hObject=0x23) returned 1 [0050.174] GetLastError () returned 0x0 [0050.174] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.174] GetLastError () returned 0x0 [0050.177] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0050.177] GetLastError () returned 0x0 [0050.177] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.181] GetLastError () returned 0x0 [0050.181] GetConsoleOutputCP () returned 0x1b5 [0050.182] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.182] GetLastError () returned 0x0 [0050.185] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0050.333] GetLastError () returned 0x0 [0050.333] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.333] GetLastError () returned 0x0 [0050.337] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0050.337] GetLastError () returned 0x0 [0050.337] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.338] GetLastError () returned 0x0 [0050.341] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0050.341] GetLastError () returned 0x0 [0050.341] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.341] GetLastError () returned 0x0 [0050.341] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0050.341] GetLastError () returned 0x0 [0050.342] CloseHandle (hObject=0x2f) returned 1 [0050.342] GetLastError () returned 0x0 [0050.345] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0050.345] GetLastError () returned 0x0 [0050.345] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.345] GetLastError () returned 0x0 [0050.345] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0050.346] GetLastError () returned 0x0 [0050.346] CloseHandle (hObject=0x2f) returned 1 [0050.346] GetLastError () returned 0x0 [0050.346] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x4f, lpOverlapped=0x0) returned 1 [0050.346] GetLastError () returned 0x0 [0050.349] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0050.350] GetLastError () returned 0x0 [0050.350] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.350] GetLastError () returned 0x0 [0050.350] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0050.350] GetLastError () returned 0x0 [0050.350] CloseHandle (hObject=0x2f) returned 1 [0050.350] GetLastError () returned 0x0 [0050.354] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0050.354] GetLastError () returned 0x0 [0050.354] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.354] GetLastError () returned 0x0 [0050.354] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0050.354] GetLastError () returned 0x0 [0050.355] CloseHandle (hObject=0x2f) returned 1 [0050.355] GetLastError () returned 0x0 [0050.355] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.355] GetLastError () returned 0x0 [0050.358] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0050.359] GetLastError () returned 0x0 [0050.359] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.359] GetLastError () returned 0x0 [0050.359] GetConsoleOutputCP () returned 0x1b5 [0050.359] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.359] GetLastError () returned 0x0 [0050.362] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0050.362] GetLastError () returned 0x0 [0050.362] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.363] GetLastError () returned 0x0 [0050.366] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0050.366] GetLastError () returned 0x0 [0050.366] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.366] GetLastError () returned 0x0 [0050.369] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0050.372] GetLastError () returned 0x0 [0050.372] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.372] GetLastError () returned 0x0 [0050.372] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0050.372] GetLastError () returned 0x0 [0050.372] CloseHandle (hObject=0x3b) returned 1 [0050.372] GetLastError () returned 0x0 [0050.376] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0050.376] GetLastError () returned 0x0 [0050.376] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0050.376] GetLastError () returned 0x0 [0050.376] CloseHandle (hObject=0x3b) returned 1 [0050.377] GetLastError () returned 0x0 [0050.377] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x3e, lpOverlapped=0x0) returned 1 [0050.377] GetLastError () returned 0x0 [0050.380] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0050.381] GetLastError () returned 0x0 [0050.381] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.381] GetLastError () returned 0x0 [0050.381] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0050.381] GetLastError () returned 0x0 [0050.381] CloseHandle (hObject=0x3b) returned 1 [0050.381] GetLastError () returned 0x0 [0050.384] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0050.385] GetLastError () returned 0x0 [0050.385] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.385] GetLastError () returned 0x0 [0050.385] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0050.385] GetLastError () returned 0x0 [0050.385] CloseHandle (hObject=0x3b) returned 1 [0050.386] GetLastError () returned 0x0 [0050.386] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.386] GetLastError () returned 0x0 [0050.389] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0050.390] GetLastError () returned 0x0 [0050.390] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.390] GetLastError () returned 0x0 [0050.390] GetConsoleOutputCP () returned 0x1b5 [0050.390] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.390] GetLastError () returned 0x0 [0050.393] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0050.393] GetLastError () returned 0x0 [0050.393] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.394] GetLastError () returned 0x0 [0050.397] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0050.397] GetLastError () returned 0x0 [0050.397] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.397] GetLastError () returned 0x0 [0050.400] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0050.401] GetLastError () returned 0x0 [0050.401] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.401] GetLastError () returned 0x0 [0050.401] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0050.401] GetLastError () returned 0x0 [0050.401] CloseHandle (hObject=0x47) returned 1 [0050.401] GetLastError () returned 0x0 [0050.405] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0050.405] GetLastError () returned 0x0 [0050.405] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.405] GetLastError () returned 0x0 [0050.405] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0050.405] GetLastError () returned 0x0 [0050.405] CloseHandle (hObject=0x47) returned 1 [0050.406] GetLastError () returned 0x0 [0050.406] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x11, lpOverlapped=0x0) returned 1 [0050.406] GetLastError () returned 0x0 [0050.409] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0050.409] GetLastError () returned 0x0 [0050.409] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.409] GetLastError () returned 0x0 [0050.409] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0050.410] GetLastError () returned 0x0 [0050.410] CloseHandle (hObject=0x47) returned 1 [0050.410] GetLastError () returned 0x0 [0050.413] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0050.413] GetLastError () returned 0x0 [0050.413] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.414] GetLastError () returned 0x0 [0050.414] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0050.414] GetLastError () returned 0x0 [0050.414] CloseHandle (hObject=0x47) returned 1 [0050.415] GetLastError () returned 0x0 [0050.415] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.415] GetLastError () returned 0x0 [0050.418] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0050.419] GetLastError () returned 0x0 [0050.419] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.419] GetLastError () returned 0x0 [0050.419] GetConsoleOutputCP () returned 0x1b5 [0050.419] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.419] GetLastError () returned 0x0 [0050.422] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0050.422] GetLastError () returned 0x0 [0050.422] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.423] GetLastError () returned 0x0 [0050.426] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0050.426] GetLastError () returned 0x0 [0050.426] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.426] GetLastError () returned 0x0 [0050.429] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0050.430] GetLastError () returned 0x0 [0050.430] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.430] GetLastError () returned 0x0 [0050.430] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0050.430] GetLastError () returned 0x0 [0050.430] CloseHandle (hObject=0x53) returned 1 [0050.430] GetLastError () returned 0x0 [0050.433] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0050.434] GetLastError () returned 0x0 [0050.434] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.434] GetLastError () returned 0x0 [0050.434] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0050.434] GetLastError () returned 0x0 [0050.435] CloseHandle (hObject=0x53) returned 1 [0050.435] GetLastError () returned 0x0 [0050.435] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x21, lpOverlapped=0x0) returned 1 [0050.435] GetLastError () returned 0x0 [0050.438] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0050.438] GetLastError () returned 0x0 [0050.438] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.439] GetLastError () returned 0x0 [0050.439] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0050.439] GetLastError () returned 0x0 [0050.439] CloseHandle (hObject=0x53) returned 1 [0050.439] GetLastError () returned 0x0 [0050.442] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0050.443] GetLastError () returned 0x0 [0050.443] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.443] GetLastError () returned 0x0 [0050.443] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0050.443] GetLastError () returned 0x0 [0050.443] CloseHandle (hObject=0x53) returned 1 [0050.443] GetLastError () returned 0x0 [0050.443] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.444] GetLastError () returned 0x0 [0050.447] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0050.448] GetLastError () returned 0x0 [0050.448] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.448] GetLastError () returned 0x0 [0050.448] GetConsoleOutputCP () returned 0x1b5 [0050.448] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.448] GetLastError () returned 0x0 [0050.451] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0050.451] GetLastError () returned 0x0 [0050.451] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.452] GetLastError () returned 0x0 [0050.455] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0050.455] GetLastError () returned 0x0 [0050.455] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.455] GetLastError () returned 0x0 [0050.458] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0050.459] GetLastError () returned 0x0 [0050.459] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.459] GetLastError () returned 0x0 [0050.459] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0050.459] GetLastError () returned 0x0 [0050.459] CloseHandle (hObject=0x5f) returned 1 [0050.459] GetLastError () returned 0x0 [0050.462] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0050.463] GetLastError () returned 0x0 [0050.463] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.463] GetLastError () returned 0x0 [0050.463] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0050.463] GetLastError () returned 0x0 [0050.463] CloseHandle (hObject=0x5f) returned 1 [0050.464] GetLastError () returned 0x0 [0050.464] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x4f, lpOverlapped=0x0) returned 1 [0050.464] GetLastError () returned 0x0 [0050.467] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0050.467] GetLastError () returned 0x0 [0050.467] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.468] GetLastError () returned 0x0 [0050.468] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0050.468] GetLastError () returned 0x0 [0050.468] CloseHandle (hObject=0x5f) returned 1 [0050.468] GetLastError () returned 0x0 [0050.471] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0050.472] GetLastError () returned 0x0 [0050.472] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.472] GetLastError () returned 0x0 [0050.472] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0050.472] GetLastError () returned 0x0 [0050.472] CloseHandle (hObject=0x5f) returned 1 [0050.472] GetLastError () returned 0x0 [0050.472] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.473] GetLastError () returned 0x0 [0050.476] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0050.476] GetLastError () returned 0x0 [0050.476] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.477] GetLastError () returned 0x0 [0050.477] GetConsoleOutputCP () returned 0x1b5 [0050.477] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.477] GetLastError () returned 0x0 [0050.480] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0050.480] GetLastError () returned 0x0 [0050.480] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.480] GetLastError () returned 0x0 [0050.483] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0050.484] GetLastError () returned 0x0 [0050.484] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.484] GetLastError () returned 0x0 [0050.487] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0050.487] GetLastError () returned 0x0 [0050.487] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.487] GetLastError () returned 0x0 [0050.487] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0050.488] GetLastError () returned 0x0 [0050.488] CloseHandle (hObject=0x6b) returned 1 [0050.488] GetLastError () returned 0x0 [0050.491] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0050.491] GetLastError () returned 0x0 [0050.491] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.492] GetLastError () returned 0x0 [0050.492] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0050.492] GetLastError () returned 0x0 [0050.492] CloseHandle (hObject=0x6b) returned 1 [0050.492] GetLastError () returned 0x0 [0050.492] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x19, lpOverlapped=0x0) returned 1 [0050.492] GetLastError () returned 0x0 [0050.496] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0050.496] GetLastError () returned 0x0 [0050.496] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.496] GetLastError () returned 0x0 [0050.496] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0050.496] GetLastError () returned 0x0 [0050.496] CloseHandle (hObject=0x6b) returned 1 [0050.497] GetLastError () returned 0x0 [0050.500] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0050.500] GetLastError () returned 0x0 [0050.500] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.500] GetLastError () returned 0x0 [0050.500] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0050.500] GetLastError () returned 0x0 [0050.500] CloseHandle (hObject=0x6b) returned 1 [0050.501] GetLastError () returned 0x0 [0050.501] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.501] GetLastError () returned 0x0 [0050.504] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0050.504] GetLastError () returned 0x0 [0050.505] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.505] GetLastError () returned 0x0 [0050.505] GetConsoleOutputCP () returned 0x1b5 [0050.505] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.505] GetLastError () returned 0x0 [0050.508] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0050.508] GetLastError () returned 0x0 [0050.508] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.509] GetLastError () returned 0x0 [0050.512] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0050.512] GetLastError () returned 0x0 [0050.512] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.512] GetLastError () returned 0x0 [0050.515] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0050.516] GetLastError () returned 0x0 [0050.516] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.516] GetLastError () returned 0x0 [0050.516] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0050.516] GetLastError () returned 0x0 [0050.516] CloseHandle (hObject=0x77) returned 1 [0050.516] GetLastError () returned 0x0 [0050.519] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0050.520] GetLastError () returned 0x0 [0050.520] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.520] GetLastError () returned 0x0 [0050.520] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0050.520] GetLastError () returned 0x0 [0050.520] CloseHandle (hObject=0x77) returned 1 [0050.520] GetLastError () returned 0x0 [0050.520] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x36, lpOverlapped=0x0) returned 1 [0050.521] GetLastError () returned 0x0 [0050.524] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0050.524] GetLastError () returned 0x0 [0050.524] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.524] GetLastError () returned 0x0 [0050.524] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0050.525] GetLastError () returned 0x0 [0050.525] CloseHandle (hObject=0x77) returned 1 [0050.525] GetLastError () returned 0x0 [0050.528] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0050.528] GetLastError () returned 0x0 [0050.528] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.528] GetLastError () returned 0x0 [0050.528] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0050.529] GetLastError () returned 0x0 [0050.529] CloseHandle (hObject=0x77) returned 1 [0050.529] GetLastError () returned 0x0 [0050.529] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.530] GetLastError () returned 0x0 [0050.533] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0050.533] GetLastError () returned 0x0 [0050.533] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5e2ed08 | out: lpConsoleScreenBufferInfo=0x5e2ed08) returned 1 [0050.533] GetLastError () returned 0x0 [0050.533] GetConsoleOutputCP () returned 0x1b5 [0050.533] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5e2ed10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5e2ed10) returned 0 [0050.533] GetLastError () returned 0x0 [0050.536] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0050.537] GetLastError () returned 0x0 [0050.537] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.537] GetLastError () returned 0x0 [0050.540] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0050.541] GetLastError () returned 0x0 [0050.541] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5e2eca8 | out: lpConsoleScreenBufferInfo=0x5e2eca8) returned 1 [0050.541] GetLastError () returned 0x0 [0050.544] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0050.544] GetLastError () returned 0x0 [0050.544] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.544] GetLastError () returned 0x0 [0050.544] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0050.544] GetLastError () returned 0x0 [0050.545] CloseHandle (hObject=0x83) returned 1 [0050.545] GetLastError () returned 0x0 [0050.548] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0050.548] GetLastError () returned 0x0 [0050.548] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5e2ecb0 | out: lpConsoleScreenBufferInfo=0x5e2ecb0) returned 1 [0050.548] GetLastError () returned 0x0 [0050.548] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0050.549] GetLastError () returned 0x0 [0050.549] CloseHandle (hObject=0x83) returned 1 [0050.549] GetLastError () returned 0x0 [0050.549] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecb4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecb4*=0x1, lpOverlapped=0x0) returned 1 [0050.549] GetLastError () returned 0x0 [0050.552] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0050.553] GetLastError () returned 0x0 [0050.553] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.553] GetLastError () returned 0x0 [0050.553] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0050.553] GetLastError () returned 0x0 [0050.553] CloseHandle (hObject=0x83) returned 1 [0050.553] GetLastError () returned 0x0 [0050.556] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0050.557] GetLastError () returned 0x0 [0050.557] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5e2ecac | out: lpConsoleScreenBufferInfo=0x5e2ecac) returned 1 [0050.557] GetLastError () returned 0x0 [0050.557] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0050.557] GetLastError () returned 0x0 [0050.557] CloseHandle (hObject=0x83) returned 1 [0050.558] GetLastError () returned 0x0 [0050.558] WriteFile (in: hFile=0x360, lpBuffer=0x32b9d30*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5e2ecf4, lpOverlapped=0x0 | out: lpBuffer=0x32b9d30*, lpNumberOfBytesWritten=0x5e2ecf4*=0x1, lpOverlapped=0x0) returned 1 [0050.558] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x3a0) returned 1 [0050.564] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x3b8) returned 1 [0050.564] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x3bc) returned 1 [0050.564] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x3dc) returned 1 [0050.564] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x32c) returned 1 [0050.564] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x3c4) returned 1 [0050.564] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x3c8) returned 1 [0050.564] GetLastError () returned 0x0 [0050.564] SetEvent (hEvent=0x328) returned 1 [0050.564] GetLastError () returned 0x0 [0050.565] SetEvent (hEvent=0x3cc) returned 1 [0050.565] GetLastError () returned 0x0 [0050.565] CoUninitialize () Thread: id = 82 os_tid = 0x5dc [0050.598] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0050.620] SetThreadUILanguage (LangId=0x0) returned 0x409 [0050.622] VirtualQuery (in: lpAddress=0x5e0df70, lpBuffer=0x5e0ef70, dwLength=0x1c | out: lpBuffer=0x5e0ef70*(BaseAddress=0x5e0d000, AllocationBase=0x5480000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0050.622] VirtualQuery (in: lpAddress=0x5e0e08c, lpBuffer=0x5e0f08c, dwLength=0x1c | out: lpBuffer=0x5e0f08c*(BaseAddress=0x5e0e000, AllocationBase=0x5480000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0050.627] SetEvent (hEvent=0x39c) returned 1 [0050.627] GetLastError () returned 0x0 [0050.627] SetEvent (hEvent=0x3d4) returned 1 [0050.627] GetLastError () returned 0x0 [0050.627] SetEvent (hEvent=0x3e4) returned 1 [0050.627] GetLastError () returned 0x0 [0050.627] SetEvent (hEvent=0x39c) returned 1 [0050.627] GetLastError () returned 0x0 [0050.628] SetEvent (hEvent=0x3d4) returned 1 [0050.628] GetLastError () returned 0x0 [0050.628] SetEvent (hEvent=0x3f4) returned 1 [0050.628] GetLastError () returned 0x0 [0050.628] SetEvent (hEvent=0x3e8) returned 1 [0050.628] GetLastError () returned 0x0 [0050.628] SetEvent (hEvent=0x3ec) returned 1 [0050.628] GetLastError () returned 0x0 [0050.628] SetEvent (hEvent=0x3f0) returned 1 [0050.628] GetLastError () returned 0x0 [0050.628] SetEvent (hEvent=0x3f8) returned 1 [0050.628] GetLastError () returned 0x0 [0050.628] CoUninitialize () Process: id = "6" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x2de1d000" os_pid = "0x81c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x5e0" cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /create /f /sc ONLOGON /RL HIGHEST /tn \"'WinUpdt\"' /tr \"'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\"'" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 98 os_tid = 0x82c [0064.843] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fb54 | out: lpSystemTimeAsFileTime=0x14fb54*(dwLowDateTime=0xd5b543c0, dwHighDateTime=0x1d5f0a8)) [0064.843] GetCurrentProcessId () returned 0x81c [0064.843] GetCurrentThreadId () returned 0x82c [0064.843] GetTickCount () returned 0x11496b4 [0064.844] RtlQueryPerformanceCounter () returned 0x1 [0064.846] GetModuleHandleA (lpModuleName=0x0) returned 0xee0000 [0064.846] __set_app_type (_Type=0x1) [0064.846] __p__fmode () returned 0x770331f4 [0064.846] __p__commode () returned 0x770331fc [0064.846] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xef7881) returned 0x0 [0064.846] __wgetmainargs (in: _Argc=0xf09e6c, _Argv=0xf09e74, _Env=0xf09e70, _DoWildCard=0, _StartInfo=0xf09e80 | out: _Argc=0xf09e6c, _Argv=0xf09e74, _Env=0xf09e70) returned 0 [0064.847] _onexit (_Func=0xf00fe2) returned 0xf00fe2 [0064.847] _onexit (_Func=0xf00ff3) returned 0xf00ff3 [0064.847] _onexit (_Func=0xf01002) returned 0xf01002 [0064.847] _onexit (_Func=0xf0101e) returned 0xf0101e [0064.847] _onexit (_Func=0xf0103a) returned 0xf0103a [0064.847] _onexit (_Func=0xf01056) returned 0xf01056 [0064.848] _onexit (_Func=0xf01072) returned 0xf01072 [0064.848] _onexit (_Func=0xf0108e) returned 0xf0108e [0064.848] _onexit (_Func=0xf010aa) returned 0xf010aa [0064.848] _onexit (_Func=0xf010c6) returned 0xf010c6 [0064.848] _onexit (_Func=0xf010e2) returned 0xf010e2 [0064.848] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0064.848] WinSqmIsOptedIn () returned 0x0 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4b88 [0064.849] SetLastError (dwErrCode=0x0) [0064.849] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0064.849] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0064.849] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0064.849] VerifyVersionInfoW (in: lpVersionInformation=0x14f5cc, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x14f5cc) returned 1 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4ba0 [0064.849] lstrlenW (lpString="") returned 0 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x2) returned 0x5a4f70 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a4f80 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4bb8 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a4fa0 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a4fc0 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a4fe0 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5000 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4bd0 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5020 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5040 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5060 [0064.849] GetProcessHeap () returned 0x590000 [0064.849] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5080 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4be8 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a50a0 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a50d8 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a50f8 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5118 [0064.850] SetThreadUILanguage (LangId=0x0) returned 0x409 [0064.850] SetLastError (dwErrCode=0x0) [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5138 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5158 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5178 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5198 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a51b8 [0064.850] GetProcessHeap () returned 0x590000 [0064.850] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4c00 [0064.850] _memicmp (_Buf1=0x5a4c00, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.851] GetProcessHeap () returned 0x590000 [0064.851] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x208) returned 0x5a5a40 [0064.851] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5a5a40, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0064.851] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x755a0000 [0064.852] GetProcAddress (hModule=0x755a0000, lpProcName="GetFileVersionInfoSizeW") returned 0x755a19d9 [0064.852] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0064.853] GetProcessHeap () returned 0x590000 [0064.853] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x74e) returned 0x5a5c50 [0064.853] GetProcAddress (hModule=0x755a0000, lpProcName="GetFileVersionInfoW") returned 0x755a19f4 [0064.853] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x5a5c50 | out: lpData=0x5a5c50) returned 1 [0064.853] GetProcAddress (hModule=0x755a0000, lpProcName="VerQueryValueW") returned 0x755a1b51 [0064.853] VerQueryValueW (in: pBlock=0x5a5c50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14f6d4, puLen=0x14f6d8 | out: lplpBuffer=0x14f6d4*=0x5a5fec, puLen=0x14f6d8) returned 1 [0064.854] _memicmp (_Buf1=0x5a4c00, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.854] _vsnwprintf (in: _Buffer=0x5a5a40, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x14f6bc | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0064.854] VerQueryValueW (in: pBlock=0x5a5c50, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x14f6e4, puLen=0x14f6e0 | out: lplpBuffer=0x14f6e4*=0x5a5e18, puLen=0x14f6e0) returned 1 [0064.854] lstrlenW (lpString="schtasks.exe") returned 12 [0064.854] lstrlenW (lpString="schtasks.exe") returned 12 [0064.854] lstrlenW (lpString=".EXE") returned 4 [0064.854] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0064.855] lstrlenW (lpString="schtasks.exe") returned 12 [0064.855] lstrlenW (lpString=".EXE") returned 4 [0064.855] _memicmp (_Buf1=0x5a4c00, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.855] lstrlenW (lpString="schtasks") returned 8 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a51f8 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5218 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5238 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5258 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4c60 [0064.855] _memicmp (_Buf1=0x5a4c60, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xa0) returned 0x5a6630 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5278 [0064.855] GetProcessHeap () returned 0x590000 [0064.855] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5298 [0064.856] GetProcessHeap () returned 0x590000 [0064.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a52b8 [0064.856] GetProcessHeap () returned 0x590000 [0064.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4c78 [0064.856] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.856] GetProcessHeap () returned 0x590000 [0064.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x200) returned 0x5a66d8 [0064.856] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0064.856] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0064.856] GetProcessHeap () returned 0x590000 [0064.856] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x30) returned 0x5a68e0 [0064.856] _vsnwprintf (in: _Buffer=0x5a6630, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x14f6c0 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0064.856] GetProcessHeap () returned 0x590000 [0064.856] GetProcessHeap () returned 0x590000 [0064.856] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5c50) returned 1 [0064.856] GetProcessHeap () returned 0x590000 [0064.856] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5c50) returned 0x74e [0064.856] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5c50 | out: hHeap=0x590000) returned 1 [0064.856] SetLastError (dwErrCode=0x0) [0064.856] GetThreadLocale () returned 0x409 [0064.856] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.856] lstrlenW (lpString="?") returned 1 [0064.856] GetThreadLocale () returned 0x409 [0064.856] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.856] lstrlenW (lpString="create") returned 6 [0064.856] GetThreadLocale () returned 0x409 [0064.856] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.856] lstrlenW (lpString="delete") returned 6 [0064.856] GetThreadLocale () returned 0x409 [0064.857] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.857] lstrlenW (lpString="query") returned 5 [0064.857] GetThreadLocale () returned 0x409 [0064.857] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.857] lstrlenW (lpString="change") returned 6 [0064.857] GetThreadLocale () returned 0x409 [0064.857] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.857] lstrlenW (lpString="run") returned 3 [0064.857] GetThreadLocale () returned 0x409 [0064.857] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.857] lstrlenW (lpString="end") returned 3 [0064.857] GetThreadLocale () returned 0x409 [0064.857] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.857] lstrlenW (lpString="showsid") returned 7 [0064.857] GetThreadLocale () returned 0x409 [0064.857] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.857] SetLastError (dwErrCode=0x0) [0064.857] SetLastError (dwErrCode=0x0) [0064.857] lstrlenW (lpString="/create") returned 7 [0064.857] lstrlenW (lpString="-/") returned 2 [0064.857] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.857] lstrlenW (lpString="?") returned 1 [0064.857] lstrlenW (lpString="?") returned 1 [0064.857] GetProcessHeap () returned 0x590000 [0064.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4c90 [0064.857] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.857] GetProcessHeap () returned 0x590000 [0064.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xa) returned 0x5a4ca8 [0064.857] lstrlenW (lpString="create") returned 6 [0064.857] GetProcessHeap () returned 0x590000 [0064.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4cc0 [0064.857] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.857] GetProcessHeap () returned 0x590000 [0064.857] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a52d8 [0064.857] _vsnwprintf (in: _Buffer=0x5a4ca8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|?|") returned 3 [0064.857] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.857] lstrlenW (lpString="|?|") returned 3 [0064.857] lstrlenW (lpString="|create|") returned 8 [0064.858] SetLastError (dwErrCode=0x490) [0064.858] lstrlenW (lpString="create") returned 6 [0064.858] lstrlenW (lpString="create") returned 6 [0064.858] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.858] GetProcessHeap () returned 0x590000 [0064.858] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ca8) returned 1 [0064.858] GetProcessHeap () returned 0x590000 [0064.858] RtlReAllocateHeap (Heap=0x590000, Flags=0xc, Ptr=0x5a4ca8, Size=0x14) returned 0x5a52f8 [0064.858] lstrlenW (lpString="create") returned 6 [0064.858] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.858] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.858] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.858] lstrlenW (lpString="|create|") returned 8 [0064.858] lstrlenW (lpString="|create|") returned 8 [0064.858] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|" [0064.858] SetLastError (dwErrCode=0x0) [0064.858] SetLastError (dwErrCode=0x0) [0064.858] SetLastError (dwErrCode=0x0) [0064.858] lstrlenW (lpString="/f") returned 2 [0064.858] lstrlenW (lpString="-/") returned 2 [0064.858] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.858] lstrlenW (lpString="?") returned 1 [0064.858] lstrlenW (lpString="?") returned 1 [0064.858] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.858] lstrlenW (lpString="f") returned 1 [0064.858] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.858] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|?|") returned 3 [0064.858] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.858] lstrlenW (lpString="|?|") returned 3 [0064.858] lstrlenW (lpString="|f|") returned 3 [0064.858] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0 [0064.858] SetLastError (dwErrCode=0x490) [0064.858] lstrlenW (lpString="create") returned 6 [0064.858] lstrlenW (lpString="create") returned 6 [0064.858] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.858] lstrlenW (lpString="f") returned 1 [0064.859] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.859] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.859] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.859] lstrlenW (lpString="|create|") returned 8 [0064.859] lstrlenW (lpString="|f|") returned 3 [0064.859] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0 [0064.859] SetLastError (dwErrCode=0x490) [0064.859] lstrlenW (lpString="delete") returned 6 [0064.859] lstrlenW (lpString="delete") returned 6 [0064.859] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.859] lstrlenW (lpString="f") returned 1 [0064.859] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.859] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|delete|") returned 8 [0064.859] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.859] lstrlenW (lpString="|delete|") returned 8 [0064.859] lstrlenW (lpString="|f|") returned 3 [0064.859] StrStrIW (lpFirst="|delete|", lpSrch="|f|") returned 0x0 [0064.859] SetLastError (dwErrCode=0x490) [0064.859] lstrlenW (lpString="query") returned 5 [0064.859] lstrlenW (lpString="query") returned 5 [0064.859] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.859] lstrlenW (lpString="f") returned 1 [0064.859] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.859] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|query|") returned 7 [0064.859] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.859] lstrlenW (lpString="|query|") returned 7 [0064.859] lstrlenW (lpString="|f|") returned 3 [0064.859] StrStrIW (lpFirst="|query|", lpSrch="|f|") returned 0x0 [0064.859] SetLastError (dwErrCode=0x490) [0064.859] lstrlenW (lpString="change") returned 6 [0064.859] lstrlenW (lpString="change") returned 6 [0064.859] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.860] lstrlenW (lpString="f") returned 1 [0064.860] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.860] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|change|") returned 8 [0064.860] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.860] lstrlenW (lpString="|change|") returned 8 [0064.860] lstrlenW (lpString="|f|") returned 3 [0064.860] StrStrIW (lpFirst="|change|", lpSrch="|f|") returned 0x0 [0064.860] SetLastError (dwErrCode=0x490) [0064.860] lstrlenW (lpString="run") returned 3 [0064.860] lstrlenW (lpString="run") returned 3 [0064.860] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.860] lstrlenW (lpString="f") returned 1 [0064.860] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.860] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|run|") returned 5 [0064.860] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.860] lstrlenW (lpString="|run|") returned 5 [0064.860] lstrlenW (lpString="|f|") returned 3 [0064.860] StrStrIW (lpFirst="|run|", lpSrch="|f|") returned 0x0 [0064.860] SetLastError (dwErrCode=0x490) [0064.860] lstrlenW (lpString="end") returned 3 [0064.860] lstrlenW (lpString="end") returned 3 [0064.860] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.860] lstrlenW (lpString="f") returned 1 [0064.860] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.860] _vsnwprintf (in: _Buffer=0x5a52f8, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|end|") returned 5 [0064.860] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.860] lstrlenW (lpString="|end|") returned 5 [0064.860] lstrlenW (lpString="|f|") returned 3 [0064.860] StrStrIW (lpFirst="|end|", lpSrch="|f|") returned 0x0 [0064.860] SetLastError (dwErrCode=0x490) [0064.860] lstrlenW (lpString="showsid") returned 7 [0064.860] lstrlenW (lpString="showsid") returned 7 [0064.860] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.860] GetProcessHeap () returned 0x590000 [0064.860] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52f8) returned 1 [0064.860] GetProcessHeap () returned 0x590000 [0064.861] RtlReAllocateHeap (Heap=0x590000, Flags=0xc, Ptr=0x5a52f8, Size=0x16) returned 0x5a5318 [0064.861] lstrlenW (lpString="f") returned 1 [0064.861] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.861] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|showsid|") returned 9 [0064.861] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|f|") returned 3 [0064.861] lstrlenW (lpString="|showsid|") returned 9 [0064.861] lstrlenW (lpString="|f|") returned 3 [0064.861] StrStrIW (lpFirst="|showsid|", lpSrch="|f|") returned 0x0 [0064.861] SetLastError (dwErrCode=0x490) [0064.861] SetLastError (dwErrCode=0x490) [0064.861] SetLastError (dwErrCode=0x0) [0064.861] lstrlenW (lpString="/f") returned 2 [0064.861] StrChrIW (lpStart="/f", wMatch=0x3a) returned 0x0 [0064.861] SetLastError (dwErrCode=0x490) [0064.861] SetLastError (dwErrCode=0x0) [0064.861] lstrlenW (lpString="/f") returned 2 [0064.861] GetProcessHeap () returned 0x590000 [0064.861] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x6) returned 0x5a6918 [0064.861] GetProcessHeap () returned 0x590000 [0064.861] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a52f8 [0064.861] SetLastError (dwErrCode=0x0) [0064.861] SetLastError (dwErrCode=0x0) [0064.861] lstrlenW (lpString="/sc") returned 3 [0064.861] lstrlenW (lpString="-/") returned 2 [0064.861] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.861] lstrlenW (lpString="?") returned 1 [0064.861] lstrlenW (lpString="?") returned 1 [0064.861] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.861] lstrlenW (lpString="sc") returned 2 [0064.861] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.861] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|?|") returned 3 [0064.861] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.861] lstrlenW (lpString="|?|") returned 3 [0064.861] lstrlenW (lpString="|sc|") returned 4 [0064.861] SetLastError (dwErrCode=0x490) [0064.861] lstrlenW (lpString="create") returned 6 [0064.861] lstrlenW (lpString="create") returned 6 [0064.862] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.862] lstrlenW (lpString="sc") returned 2 [0064.862] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.862] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.862] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.862] lstrlenW (lpString="|create|") returned 8 [0064.862] lstrlenW (lpString="|sc|") returned 4 [0064.862] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0064.862] SetLastError (dwErrCode=0x490) [0064.862] lstrlenW (lpString="delete") returned 6 [0064.862] lstrlenW (lpString="delete") returned 6 [0064.862] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.862] lstrlenW (lpString="sc") returned 2 [0064.862] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.862] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|delete|") returned 8 [0064.862] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.862] lstrlenW (lpString="|delete|") returned 8 [0064.862] lstrlenW (lpString="|sc|") returned 4 [0064.862] StrStrIW (lpFirst="|delete|", lpSrch="|sc|") returned 0x0 [0064.862] SetLastError (dwErrCode=0x490) [0064.862] lstrlenW (lpString="query") returned 5 [0064.862] lstrlenW (lpString="query") returned 5 [0064.862] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.862] lstrlenW (lpString="sc") returned 2 [0064.862] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.862] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|query|") returned 7 [0064.862] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.862] lstrlenW (lpString="|query|") returned 7 [0064.862] lstrlenW (lpString="|sc|") returned 4 [0064.862] StrStrIW (lpFirst="|query|", lpSrch="|sc|") returned 0x0 [0064.862] SetLastError (dwErrCode=0x490) [0064.862] lstrlenW (lpString="change") returned 6 [0064.862] lstrlenW (lpString="change") returned 6 [0064.862] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.863] lstrlenW (lpString="sc") returned 2 [0064.863] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.863] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|change|") returned 8 [0064.863] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.863] lstrlenW (lpString="|change|") returned 8 [0064.863] lstrlenW (lpString="|sc|") returned 4 [0064.863] StrStrIW (lpFirst="|change|", lpSrch="|sc|") returned 0x0 [0064.863] SetLastError (dwErrCode=0x490) [0064.863] lstrlenW (lpString="run") returned 3 [0064.863] lstrlenW (lpString="run") returned 3 [0064.863] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.863] lstrlenW (lpString="sc") returned 2 [0064.863] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.863] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|run|") returned 5 [0064.863] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.863] lstrlenW (lpString="|run|") returned 5 [0064.863] lstrlenW (lpString="|sc|") returned 4 [0064.863] StrStrIW (lpFirst="|run|", lpSrch="|sc|") returned 0x0 [0064.863] SetLastError (dwErrCode=0x490) [0064.863] lstrlenW (lpString="end") returned 3 [0064.863] lstrlenW (lpString="end") returned 3 [0064.863] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.863] lstrlenW (lpString="sc") returned 2 [0064.863] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.863] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|end|") returned 5 [0064.863] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.863] lstrlenW (lpString="|end|") returned 5 [0064.863] lstrlenW (lpString="|sc|") returned 4 [0064.863] StrStrIW (lpFirst="|end|", lpSrch="|sc|") returned 0x0 [0064.863] SetLastError (dwErrCode=0x490) [0064.863] lstrlenW (lpString="showsid") returned 7 [0064.863] lstrlenW (lpString="showsid") returned 7 [0064.863] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.863] lstrlenW (lpString="sc") returned 2 [0064.863] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.864] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|showsid|") returned 9 [0064.864] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|sc|") returned 4 [0064.864] lstrlenW (lpString="|showsid|") returned 9 [0064.864] lstrlenW (lpString="|sc|") returned 4 [0064.864] StrStrIW (lpFirst="|showsid|", lpSrch="|sc|") returned 0x0 [0064.864] SetLastError (dwErrCode=0x490) [0064.864] SetLastError (dwErrCode=0x490) [0064.864] SetLastError (dwErrCode=0x0) [0064.864] lstrlenW (lpString="/sc") returned 3 [0064.864] StrChrIW (lpStart="/sc", wMatch=0x3a) returned 0x0 [0064.864] SetLastError (dwErrCode=0x490) [0064.864] SetLastError (dwErrCode=0x0) [0064.864] lstrlenW (lpString="/sc") returned 3 [0064.864] GetProcessHeap () returned 0x590000 [0064.864] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x8) returned 0x5a6928 [0064.864] GetProcessHeap () returned 0x590000 [0064.864] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5338 [0064.864] SetLastError (dwErrCode=0x0) [0064.864] SetLastError (dwErrCode=0x0) [0064.864] lstrlenW (lpString="ONLOGON") returned 7 [0064.864] lstrlenW (lpString="-/") returned 2 [0064.864] StrChrIW (lpStart="-/", wMatch=0x4f) returned 0x0 [0064.864] SetLastError (dwErrCode=0x490) [0064.864] SetLastError (dwErrCode=0x490) [0064.864] SetLastError (dwErrCode=0x0) [0064.864] lstrlenW (lpString="ONLOGON") returned 7 [0064.864] StrChrIW (lpStart="ONLOGON", wMatch=0x3a) returned 0x0 [0064.864] SetLastError (dwErrCode=0x490) [0064.864] SetLastError (dwErrCode=0x0) [0064.864] lstrlenW (lpString="ONLOGON") returned 7 [0064.864] GetProcessHeap () returned 0x590000 [0064.864] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4ca8 [0064.864] GetProcessHeap () returned 0x590000 [0064.864] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5358 [0064.864] SetLastError (dwErrCode=0x0) [0064.864] SetLastError (dwErrCode=0x0) [0064.864] lstrlenW (lpString="/RL") returned 3 [0064.864] lstrlenW (lpString="-/") returned 2 [0064.864] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.864] lstrlenW (lpString="?") returned 1 [0064.864] lstrlenW (lpString="?") returned 1 [0064.865] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.865] lstrlenW (lpString="RL") returned 2 [0064.865] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.865] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|?|") returned 3 [0064.865] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.865] lstrlenW (lpString="|?|") returned 3 [0064.865] lstrlenW (lpString="|RL|") returned 4 [0064.865] SetLastError (dwErrCode=0x490) [0064.865] lstrlenW (lpString="create") returned 6 [0064.865] lstrlenW (lpString="create") returned 6 [0064.865] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.865] lstrlenW (lpString="RL") returned 2 [0064.865] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.865] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.865] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.865] lstrlenW (lpString="|create|") returned 8 [0064.865] lstrlenW (lpString="|RL|") returned 4 [0064.865] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0064.865] SetLastError (dwErrCode=0x490) [0064.865] lstrlenW (lpString="delete") returned 6 [0064.865] lstrlenW (lpString="delete") returned 6 [0064.865] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.865] lstrlenW (lpString="RL") returned 2 [0064.865] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.865] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|delete|") returned 8 [0064.865] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.865] lstrlenW (lpString="|delete|") returned 8 [0064.865] lstrlenW (lpString="|RL|") returned 4 [0064.865] StrStrIW (lpFirst="|delete|", lpSrch="|RL|") returned 0x0 [0064.865] SetLastError (dwErrCode=0x490) [0064.865] lstrlenW (lpString="query") returned 5 [0064.865] lstrlenW (lpString="query") returned 5 [0064.865] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.865] lstrlenW (lpString="RL") returned 2 [0064.866] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.866] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|query|") returned 7 [0064.866] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.866] lstrlenW (lpString="|query|") returned 7 [0064.866] lstrlenW (lpString="|RL|") returned 4 [0064.866] StrStrIW (lpFirst="|query|", lpSrch="|RL|") returned 0x0 [0064.866] SetLastError (dwErrCode=0x490) [0064.866] lstrlenW (lpString="change") returned 6 [0064.866] lstrlenW (lpString="change") returned 6 [0064.866] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.866] lstrlenW (lpString="RL") returned 2 [0064.866] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.866] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|change|") returned 8 [0064.866] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.866] lstrlenW (lpString="|change|") returned 8 [0064.866] lstrlenW (lpString="|RL|") returned 4 [0064.866] StrStrIW (lpFirst="|change|", lpSrch="|RL|") returned 0x0 [0064.866] SetLastError (dwErrCode=0x490) [0064.866] lstrlenW (lpString="run") returned 3 [0064.866] lstrlenW (lpString="run") returned 3 [0064.866] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.866] lstrlenW (lpString="RL") returned 2 [0064.866] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.866] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|run|") returned 5 [0064.866] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.866] lstrlenW (lpString="|run|") returned 5 [0064.866] lstrlenW (lpString="|RL|") returned 4 [0064.866] StrStrIW (lpFirst="|run|", lpSrch="|RL|") returned 0x0 [0064.866] SetLastError (dwErrCode=0x490) [0064.866] lstrlenW (lpString="end") returned 3 [0064.866] lstrlenW (lpString="end") returned 3 [0064.866] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.866] lstrlenW (lpString="RL") returned 2 [0064.866] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.867] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|end|") returned 5 [0064.867] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.867] lstrlenW (lpString="|end|") returned 5 [0064.867] lstrlenW (lpString="|RL|") returned 4 [0064.867] StrStrIW (lpFirst="|end|", lpSrch="|RL|") returned 0x0 [0064.867] SetLastError (dwErrCode=0x490) [0064.867] lstrlenW (lpString="showsid") returned 7 [0064.867] lstrlenW (lpString="showsid") returned 7 [0064.867] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.867] lstrlenW (lpString="RL") returned 2 [0064.867] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.867] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|showsid|") returned 9 [0064.867] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|RL|") returned 4 [0064.867] lstrlenW (lpString="|showsid|") returned 9 [0064.867] lstrlenW (lpString="|RL|") returned 4 [0064.867] StrStrIW (lpFirst="|showsid|", lpSrch="|RL|") returned 0x0 [0064.867] SetLastError (dwErrCode=0x490) [0064.867] SetLastError (dwErrCode=0x490) [0064.867] SetLastError (dwErrCode=0x0) [0064.867] lstrlenW (lpString="/RL") returned 3 [0064.867] StrChrIW (lpStart="/RL", wMatch=0x3a) returned 0x0 [0064.867] SetLastError (dwErrCode=0x490) [0064.867] SetLastError (dwErrCode=0x0) [0064.867] lstrlenW (lpString="/RL") returned 3 [0064.867] GetProcessHeap () returned 0x590000 [0064.867] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x8) returned 0x5a6938 [0064.867] GetProcessHeap () returned 0x590000 [0064.867] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5378 [0064.867] SetLastError (dwErrCode=0x0) [0064.867] SetLastError (dwErrCode=0x0) [0064.867] lstrlenW (lpString="HIGHEST") returned 7 [0064.867] lstrlenW (lpString="-/") returned 2 [0064.867] StrChrIW (lpStart="-/", wMatch=0x48) returned 0x0 [0064.867] SetLastError (dwErrCode=0x490) [0064.867] SetLastError (dwErrCode=0x490) [0064.867] SetLastError (dwErrCode=0x0) [0064.867] lstrlenW (lpString="HIGHEST") returned 7 [0064.867] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0064.867] SetLastError (dwErrCode=0x490) [0064.867] SetLastError (dwErrCode=0x0) [0064.868] lstrlenW (lpString="HIGHEST") returned 7 [0064.868] GetProcessHeap () returned 0x590000 [0064.868] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4cd8 [0064.868] GetProcessHeap () returned 0x590000 [0064.868] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5398 [0064.868] SetLastError (dwErrCode=0x0) [0064.868] SetLastError (dwErrCode=0x0) [0064.868] lstrlenW (lpString="/tn") returned 3 [0064.868] lstrlenW (lpString="-/") returned 2 [0064.868] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.868] lstrlenW (lpString="?") returned 1 [0064.868] lstrlenW (lpString="?") returned 1 [0064.868] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.868] lstrlenW (lpString="tn") returned 2 [0064.868] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.868] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|?|") returned 3 [0064.868] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.868] lstrlenW (lpString="|?|") returned 3 [0064.868] lstrlenW (lpString="|tn|") returned 4 [0064.868] SetLastError (dwErrCode=0x490) [0064.868] lstrlenW (lpString="create") returned 6 [0064.868] lstrlenW (lpString="create") returned 6 [0064.868] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.868] lstrlenW (lpString="tn") returned 2 [0064.868] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.868] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.868] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.868] lstrlenW (lpString="|create|") returned 8 [0064.868] lstrlenW (lpString="|tn|") returned 4 [0064.868] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0064.868] SetLastError (dwErrCode=0x490) [0064.868] lstrlenW (lpString="delete") returned 6 [0064.868] lstrlenW (lpString="delete") returned 6 [0064.868] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.868] lstrlenW (lpString="tn") returned 2 [0064.868] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.869] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|delete|") returned 8 [0064.869] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.869] lstrlenW (lpString="|delete|") returned 8 [0064.869] lstrlenW (lpString="|tn|") returned 4 [0064.869] StrStrIW (lpFirst="|delete|", lpSrch="|tn|") returned 0x0 [0064.869] SetLastError (dwErrCode=0x490) [0064.869] lstrlenW (lpString="query") returned 5 [0064.869] lstrlenW (lpString="query") returned 5 [0064.869] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.869] lstrlenW (lpString="tn") returned 2 [0064.869] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.869] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|query|") returned 7 [0064.869] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.869] lstrlenW (lpString="|query|") returned 7 [0064.869] lstrlenW (lpString="|tn|") returned 4 [0064.869] StrStrIW (lpFirst="|query|", lpSrch="|tn|") returned 0x0 [0064.869] SetLastError (dwErrCode=0x490) [0064.869] lstrlenW (lpString="change") returned 6 [0064.869] lstrlenW (lpString="change") returned 6 [0064.869] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.869] lstrlenW (lpString="tn") returned 2 [0064.869] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.869] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|change|") returned 8 [0064.869] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.869] lstrlenW (lpString="|change|") returned 8 [0064.869] lstrlenW (lpString="|tn|") returned 4 [0064.869] StrStrIW (lpFirst="|change|", lpSrch="|tn|") returned 0x0 [0064.869] SetLastError (dwErrCode=0x490) [0064.869] lstrlenW (lpString="run") returned 3 [0064.869] lstrlenW (lpString="run") returned 3 [0064.869] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.869] lstrlenW (lpString="tn") returned 2 [0064.869] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.870] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|run|") returned 5 [0064.870] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.870] lstrlenW (lpString="|run|") returned 5 [0064.870] lstrlenW (lpString="|tn|") returned 4 [0064.870] StrStrIW (lpFirst="|run|", lpSrch="|tn|") returned 0x0 [0064.870] SetLastError (dwErrCode=0x490) [0064.870] lstrlenW (lpString="end") returned 3 [0064.870] lstrlenW (lpString="end") returned 3 [0064.870] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.870] lstrlenW (lpString="tn") returned 2 [0064.870] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.870] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|end|") returned 5 [0064.870] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.870] lstrlenW (lpString="|end|") returned 5 [0064.870] lstrlenW (lpString="|tn|") returned 4 [0064.870] StrStrIW (lpFirst="|end|", lpSrch="|tn|") returned 0x0 [0064.870] SetLastError (dwErrCode=0x490) [0064.870] lstrlenW (lpString="showsid") returned 7 [0064.870] lstrlenW (lpString="showsid") returned 7 [0064.870] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.870] lstrlenW (lpString="tn") returned 2 [0064.870] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.870] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|showsid|") returned 9 [0064.870] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tn|") returned 4 [0064.870] lstrlenW (lpString="|showsid|") returned 9 [0064.870] lstrlenW (lpString="|tn|") returned 4 [0064.870] StrStrIW (lpFirst="|showsid|", lpSrch="|tn|") returned 0x0 [0064.870] SetLastError (dwErrCode=0x490) [0064.870] SetLastError (dwErrCode=0x490) [0064.870] SetLastError (dwErrCode=0x0) [0064.870] lstrlenW (lpString="/tn") returned 3 [0064.870] StrChrIW (lpStart="/tn", wMatch=0x3a) returned 0x0 [0064.870] SetLastError (dwErrCode=0x490) [0064.870] SetLastError (dwErrCode=0x0) [0064.870] lstrlenW (lpString="/tn") returned 3 [0064.870] GetProcessHeap () returned 0x590000 [0064.870] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x8) returned 0x5a6948 [0064.870] GetProcessHeap () returned 0x590000 [0064.871] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a53b8 [0064.871] SetLastError (dwErrCode=0x0) [0064.871] SetLastError (dwErrCode=0x0) [0064.871] lstrlenW (lpString="'WinUpdt'") returned 9 [0064.871] lstrlenW (lpString="-/") returned 2 [0064.871] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0064.871] SetLastError (dwErrCode=0x490) [0064.871] SetLastError (dwErrCode=0x490) [0064.871] SetLastError (dwErrCode=0x0) [0064.871] lstrlenW (lpString="'WinUpdt'") returned 9 [0064.871] StrChrIW (lpStart="'WinUpdt'", wMatch=0x3a) returned 0x0 [0064.871] SetLastError (dwErrCode=0x490) [0064.871] SetLastError (dwErrCode=0x0) [0064.871] lstrlenW (lpString="'WinUpdt'") returned 9 [0064.871] GetProcessHeap () returned 0x590000 [0064.871] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a53d8 [0064.871] GetProcessHeap () returned 0x590000 [0064.871] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a53f8 [0064.871] SetLastError (dwErrCode=0x0) [0064.871] SetLastError (dwErrCode=0x0) [0064.871] lstrlenW (lpString="/tr") returned 3 [0064.871] lstrlenW (lpString="-/") returned 2 [0064.871] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.871] lstrlenW (lpString="?") returned 1 [0064.871] lstrlenW (lpString="?") returned 1 [0064.871] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.871] lstrlenW (lpString="tr") returned 2 [0064.871] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.871] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|?|") returned 3 [0064.871] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.871] lstrlenW (lpString="|?|") returned 3 [0064.871] lstrlenW (lpString="|tr|") returned 4 [0064.871] SetLastError (dwErrCode=0x490) [0064.871] lstrlenW (lpString="create") returned 6 [0064.872] lstrlenW (lpString="create") returned 6 [0064.872] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.872] lstrlenW (lpString="tr") returned 2 [0064.872] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.872] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|create|") returned 8 [0064.872] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.872] lstrlenW (lpString="|create|") returned 8 [0064.872] lstrlenW (lpString="|tr|") returned 4 [0064.872] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0064.872] SetLastError (dwErrCode=0x490) [0064.872] lstrlenW (lpString="delete") returned 6 [0064.872] lstrlenW (lpString="delete") returned 6 [0064.872] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.872] lstrlenW (lpString="tr") returned 2 [0064.872] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.872] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|delete|") returned 8 [0064.872] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.872] lstrlenW (lpString="|delete|") returned 8 [0064.872] lstrlenW (lpString="|tr|") returned 4 [0064.872] StrStrIW (lpFirst="|delete|", lpSrch="|tr|") returned 0x0 [0064.872] SetLastError (dwErrCode=0x490) [0064.872] lstrlenW (lpString="query") returned 5 [0064.872] lstrlenW (lpString="query") returned 5 [0064.872] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.872] lstrlenW (lpString="tr") returned 2 [0064.872] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.872] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x8, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|query|") returned 7 [0064.872] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.872] lstrlenW (lpString="|query|") returned 7 [0064.872] lstrlenW (lpString="|tr|") returned 4 [0064.872] StrStrIW (lpFirst="|query|", lpSrch="|tr|") returned 0x0 [0064.872] SetLastError (dwErrCode=0x490) [0064.872] lstrlenW (lpString="change") returned 6 [0064.872] lstrlenW (lpString="change") returned 6 [0064.872] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.873] lstrlenW (lpString="tr") returned 2 [0064.873] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.873] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|change|") returned 8 [0064.873] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.873] lstrlenW (lpString="|change|") returned 8 [0064.873] lstrlenW (lpString="|tr|") returned 4 [0064.873] StrStrIW (lpFirst="|change|", lpSrch="|tr|") returned 0x0 [0064.873] SetLastError (dwErrCode=0x490) [0064.873] lstrlenW (lpString="run") returned 3 [0064.873] lstrlenW (lpString="run") returned 3 [0064.873] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.873] lstrlenW (lpString="tr") returned 2 [0064.873] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.873] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|run|") returned 5 [0064.873] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.873] lstrlenW (lpString="|run|") returned 5 [0064.873] lstrlenW (lpString="|tr|") returned 4 [0064.873] StrStrIW (lpFirst="|run|", lpSrch="|tr|") returned 0x0 [0064.873] SetLastError (dwErrCode=0x490) [0064.873] lstrlenW (lpString="end") returned 3 [0064.873] lstrlenW (lpString="end") returned 3 [0064.873] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.873] lstrlenW (lpString="tr") returned 2 [0064.873] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.873] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|end|") returned 5 [0064.873] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.873] lstrlenW (lpString="|end|") returned 5 [0064.873] lstrlenW (lpString="|tr|") returned 4 [0064.873] StrStrIW (lpFirst="|end|", lpSrch="|tr|") returned 0x0 [0064.873] SetLastError (dwErrCode=0x490) [0064.873] lstrlenW (lpString="showsid") returned 7 [0064.873] lstrlenW (lpString="showsid") returned 7 [0064.873] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.873] lstrlenW (lpString="tr") returned 2 [0064.873] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.874] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0xa, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|showsid|") returned 9 [0064.874] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14f6a8 | out: _Buffer="|tr|") returned 4 [0064.874] lstrlenW (lpString="|showsid|") returned 9 [0064.874] lstrlenW (lpString="|tr|") returned 4 [0064.874] StrStrIW (lpFirst="|showsid|", lpSrch="|tr|") returned 0x0 [0064.874] SetLastError (dwErrCode=0x490) [0064.874] SetLastError (dwErrCode=0x490) [0064.874] SetLastError (dwErrCode=0x0) [0064.874] lstrlenW (lpString="/tr") returned 3 [0064.874] StrChrIW (lpStart="/tr", wMatch=0x3a) returned 0x0 [0064.874] SetLastError (dwErrCode=0x490) [0064.874] SetLastError (dwErrCode=0x0) [0064.874] lstrlenW (lpString="/tr") returned 3 [0064.874] GetProcessHeap () returned 0x590000 [0064.874] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x8) returned 0x5a6958 [0064.874] GetProcessHeap () returned 0x590000 [0064.874] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5418 [0064.874] SetLastError (dwErrCode=0x0) [0064.874] SetLastError (dwErrCode=0x0) [0064.874] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.874] lstrlenW (lpString="-/") returned 2 [0064.874] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0064.874] SetLastError (dwErrCode=0x490) [0064.874] SetLastError (dwErrCode=0x490) [0064.874] SetLastError (dwErrCode=0x0) [0064.874] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.874] StrChrIW (lpStart="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'" [0064.874] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.874] GetProcessHeap () returned 0x590000 [0064.874] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4cf0 [0064.874] _memicmp (_Buf1=0x5a4cf0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.874] GetProcessHeap () returned 0x590000 [0064.874] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xe) returned 0x5a4d08 [0064.874] GetProcessHeap () returned 0x590000 [0064.874] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4d20 [0064.874] _memicmp (_Buf1=0x5a4d20, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.874] GetProcessHeap () returned 0x590000 [0064.874] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x7a) returned 0x5a6968 [0064.874] SetLastError (dwErrCode=0x7a) [0064.875] SetLastError (dwErrCode=0x0) [0064.875] SetLastError (dwErrCode=0x0) [0064.875] lstrlenW (lpString="'C") returned 2 [0064.875] lstrlenW (lpString="-/") returned 2 [0064.875] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0064.875] SetLastError (dwErrCode=0x490) [0064.875] SetLastError (dwErrCode=0x490) [0064.875] SetLastError (dwErrCode=0x0) [0064.875] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.875] GetProcessHeap () returned 0x590000 [0064.875] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x78) returned 0x59f6f0 [0064.875] GetProcessHeap () returned 0x590000 [0064.875] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5438 [0064.922] SetLastError (dwErrCode=0x0) [0064.922] GetProcessHeap () returned 0x590000 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6918) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6918) returned 0x6 [0064.922] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6918 | out: hHeap=0x590000) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52f8) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a52f8) returned 0x14 [0064.922] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52f8 | out: hHeap=0x590000) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6928) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6928) returned 0x8 [0064.922] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6928 | out: hHeap=0x590000) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5338) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5338) returned 0x14 [0064.922] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5338 | out: hHeap=0x590000) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ca8) returned 1 [0064.922] GetProcessHeap () returned 0x590000 [0064.922] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4ca8) returned 0x10 [0064.923] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ca8 | out: hHeap=0x590000) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5358) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5358) returned 0x14 [0064.923] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5358 | out: hHeap=0x590000) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6938) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6938) returned 0x8 [0064.923] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6938 | out: hHeap=0x590000) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5378) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5378) returned 0x14 [0064.923] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5378 | out: hHeap=0x590000) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cd8) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4cd8) returned 0x10 [0064.923] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cd8 | out: hHeap=0x590000) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5398) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5398) returned 0x14 [0064.923] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5398 | out: hHeap=0x590000) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6948) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6948) returned 0x8 [0064.923] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6948 | out: hHeap=0x590000) returned 1 [0064.923] GetProcessHeap () returned 0x590000 [0064.923] GetProcessHeap () returned 0x590000 [0064.924] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53b8) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a53b8) returned 0x14 [0064.924] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53b8 | out: hHeap=0x590000) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53d8) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a53d8) returned 0x14 [0064.924] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53d8 | out: hHeap=0x590000) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53f8) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a53f8) returned 0x14 [0064.924] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53f8 | out: hHeap=0x590000) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6958) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6958) returned 0x8 [0064.924] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6958 | out: hHeap=0x590000) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5418) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5418) returned 0x14 [0064.924] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5418 | out: hHeap=0x590000) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x59f6f0) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x59f6f0) returned 0x78 [0064.924] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x59f6f0 | out: hHeap=0x590000) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5438) returned 1 [0064.924] GetProcessHeap () returned 0x590000 [0064.924] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5438) returned 0x14 [0064.925] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5438 | out: hHeap=0x590000) returned 1 [0064.925] GetProcessHeap () returned 0x590000 [0064.925] GetProcessHeap () returned 0x590000 [0064.925] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4b88) returned 1 [0064.925] GetProcessHeap () returned 0x590000 [0064.925] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4b88) returned 0x10 [0064.925] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4b88 | out: hHeap=0x590000) returned 1 [0064.925] SetLastError (dwErrCode=0x0) [0064.925] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0064.925] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0064.925] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0064.925] VerifyVersionInfoW (in: lpVersionInformation=0x14cac0, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0x14cac0) returned 1 [0064.925] SetLastError (dwErrCode=0x0) [0064.925] lstrlenW (lpString="create") returned 6 [0064.925] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0 [0064.925] SetLastError (dwErrCode=0x490) [0064.925] SetLastError (dwErrCode=0x0) [0064.925] lstrlenW (lpString="create") returned 6 [0064.925] GetProcessHeap () returned 0x590000 [0064.926] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5438 [0064.926] GetProcessHeap () returned 0x590000 [0064.926] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4b88 [0064.926] _memicmp (_Buf1=0x5a4b88, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.926] GetProcessHeap () returned 0x590000 [0064.926] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x16) returned 0x5a5418 [0064.926] SetLastError (dwErrCode=0x0) [0064.926] _memicmp (_Buf1=0x5a4c00, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.926] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5a5a40, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0064.926] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0064.926] GetProcessHeap () returned 0x590000 [0064.926] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x74e) returned 0x5a5c50 [0064.926] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x5a5c50 | out: lpData=0x5a5c50) returned 1 [0064.926] VerQueryValueW (in: pBlock=0x5a5c50, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x14cbc8, puLen=0x14cbcc | out: lplpBuffer=0x14cbc8*=0x5a5fec, puLen=0x14cbcc) returned 1 [0064.926] _memicmp (_Buf1=0x5a4c00, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.927] _vsnwprintf (in: _Buffer=0x5a5a40, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0x14cbb0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0064.927] VerQueryValueW (in: pBlock=0x5a5c50, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0x14cbd8, puLen=0x14cbd4 | out: lplpBuffer=0x14cbd8*=0x5a5e18, puLen=0x14cbd4) returned 1 [0064.927] lstrlenW (lpString="schtasks.exe") returned 12 [0064.927] lstrlenW (lpString="schtasks.exe") returned 12 [0064.927] lstrlenW (lpString=".EXE") returned 4 [0064.927] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0064.927] lstrlenW (lpString="schtasks.exe") returned 12 [0064.927] lstrlenW (lpString=".EXE") returned 4 [0064.927] lstrlenW (lpString="schtasks") returned 8 [0064.927] lstrlenW (lpString="/create") returned 7 [0064.927] _memicmp (_Buf1=0x5a4c00, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.927] _vsnwprintf (in: _Buffer=0x5a5a40, _BufferCount=0x19, _Format="%s %s", _ArgList=0x14cbb0 | out: _Buffer="schtasks /create") returned 16 [0064.927] _memicmp (_Buf1=0x5a4c60, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.927] GetProcessHeap () returned 0x590000 [0064.927] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a53f8 [0064.927] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.927] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0064.927] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0064.927] GetProcessHeap () returned 0x590000 [0064.927] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x30) returned 0x5a6918 [0064.927] _vsnwprintf (in: _Buffer=0x5a6630, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0x14cbb4 | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37 [0064.927] GetProcessHeap () returned 0x590000 [0064.927] GetProcessHeap () returned 0x590000 [0064.927] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5c50) returned 1 [0064.927] GetProcessHeap () returned 0x590000 [0064.927] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5c50) returned 0x74e [0064.928] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5c50 | out: hHeap=0x590000) returned 1 [0064.928] SetLastError (dwErrCode=0x0) [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="create") returned 6 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="?") returned 1 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="s") returned 1 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="u") returned 1 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="p") returned 1 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="ru") returned 2 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="rp") returned 2 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="sc") returned 2 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="mo") returned 2 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.928] lstrlenW (lpString="d") returned 1 [0064.928] GetThreadLocale () returned 0x409 [0064.928] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="m") returned 1 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="i") returned 1 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="tn") returned 2 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="tr") returned 2 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="st") returned 2 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="sd") returned 2 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="ed") returned 2 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="it") returned 2 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="et") returned 2 [0064.929] GetThreadLocale () returned 0x409 [0064.929] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.929] lstrlenW (lpString="k") returned 1 [0064.929] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="du") returned 2 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="ri") returned 2 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="z") returned 1 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="f") returned 1 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="v1") returned 2 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="xml") returned 3 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="ec") returned 2 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="rl") returned 2 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="delay") returned 5 [0064.930] GetThreadLocale () returned 0x409 [0064.930] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0064.930] lstrlenW (lpString="np") returned 2 [0064.930] SetLastError (dwErrCode=0x0) [0064.931] SetLastError (dwErrCode=0x0) [0064.931] lstrlenW (lpString="/create") returned 7 [0064.931] lstrlenW (lpString="-/") returned 2 [0064.931] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.931] lstrlenW (lpString="create") returned 6 [0064.931] lstrlenW (lpString="create") returned 6 [0064.931] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.931] lstrlenW (lpString="create") returned 6 [0064.931] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.931] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|create|") returned 8 [0064.931] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|create|") returned 8 [0064.931] lstrlenW (lpString="|create|") returned 8 [0064.931] lstrlenW (lpString="|create|") returned 8 [0064.931] StrStrIW (lpFirst="|create|", lpSrch="|create|") returned="|create|" [0064.931] SetLastError (dwErrCode=0x0) [0064.931] SetLastError (dwErrCode=0x0) [0064.931] SetLastError (dwErrCode=0x0) [0064.931] lstrlenW (lpString="/f") returned 2 [0064.931] lstrlenW (lpString="-/") returned 2 [0064.931] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.931] lstrlenW (lpString="create") returned 6 [0064.931] lstrlenW (lpString="create") returned 6 [0064.931] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.931] lstrlenW (lpString="f") returned 1 [0064.931] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.931] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|create|") returned 8 [0064.932] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.932] lstrlenW (lpString="|create|") returned 8 [0064.932] lstrlenW (lpString="|f|") returned 3 [0064.932] StrStrIW (lpFirst="|create|", lpSrch="|f|") returned 0x0 [0064.932] SetLastError (dwErrCode=0x490) [0064.932] lstrlenW (lpString="?") returned 1 [0064.932] lstrlenW (lpString="?") returned 1 [0064.932] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.932] lstrlenW (lpString="f") returned 1 [0064.932] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.932] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|?|") returned 3 [0064.932] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.932] lstrlenW (lpString="|?|") returned 3 [0064.932] lstrlenW (lpString="|f|") returned 3 [0064.932] StrStrIW (lpFirst="|?|", lpSrch="|f|") returned 0x0 [0064.932] SetLastError (dwErrCode=0x490) [0064.932] lstrlenW (lpString="s") returned 1 [0064.932] lstrlenW (lpString="s") returned 1 [0064.932] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.932] lstrlenW (lpString="f") returned 1 [0064.932] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.932] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|s|") returned 3 [0064.932] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.932] lstrlenW (lpString="|s|") returned 3 [0064.932] lstrlenW (lpString="|f|") returned 3 [0064.932] StrStrIW (lpFirst="|s|", lpSrch="|f|") returned 0x0 [0064.932] SetLastError (dwErrCode=0x490) [0064.933] lstrlenW (lpString="u") returned 1 [0064.933] lstrlenW (lpString="u") returned 1 [0064.933] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.933] lstrlenW (lpString="f") returned 1 [0064.933] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.933] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|u|") returned 3 [0064.933] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.933] lstrlenW (lpString="|u|") returned 3 [0064.933] lstrlenW (lpString="|f|") returned 3 [0064.933] StrStrIW (lpFirst="|u|", lpSrch="|f|") returned 0x0 [0064.933] SetLastError (dwErrCode=0x490) [0064.933] lstrlenW (lpString="p") returned 1 [0064.933] lstrlenW (lpString="p") returned 1 [0064.933] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.933] lstrlenW (lpString="f") returned 1 [0064.933] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.933] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|p|") returned 3 [0064.933] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.933] lstrlenW (lpString="|p|") returned 3 [0064.933] lstrlenW (lpString="|f|") returned 3 [0064.933] StrStrIW (lpFirst="|p|", lpSrch="|f|") returned 0x0 [0064.933] SetLastError (dwErrCode=0x490) [0064.933] lstrlenW (lpString="ru") returned 2 [0064.933] lstrlenW (lpString="ru") returned 2 [0064.933] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.933] lstrlenW (lpString="f") returned 1 [0064.934] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.934] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ru|") returned 4 [0064.934] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.934] lstrlenW (lpString="|ru|") returned 4 [0064.934] lstrlenW (lpString="|f|") returned 3 [0064.934] StrStrIW (lpFirst="|ru|", lpSrch="|f|") returned 0x0 [0064.934] SetLastError (dwErrCode=0x490) [0064.934] lstrlenW (lpString="rp") returned 2 [0064.934] lstrlenW (lpString="rp") returned 2 [0064.934] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.934] lstrlenW (lpString="f") returned 1 [0064.934] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.934] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|rp|") returned 4 [0064.934] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.934] lstrlenW (lpString="|rp|") returned 4 [0064.934] lstrlenW (lpString="|f|") returned 3 [0064.934] StrStrIW (lpFirst="|rp|", lpSrch="|f|") returned 0x0 [0064.934] SetLastError (dwErrCode=0x490) [0064.934] lstrlenW (lpString="sc") returned 2 [0064.934] lstrlenW (lpString="sc") returned 2 [0064.934] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.934] lstrlenW (lpString="f") returned 1 [0064.934] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.934] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.934] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.934] lstrlenW (lpString="|sc|") returned 4 [0064.935] lstrlenW (lpString="|f|") returned 3 [0064.935] StrStrIW (lpFirst="|sc|", lpSrch="|f|") returned 0x0 [0064.935] SetLastError (dwErrCode=0x490) [0064.935] lstrlenW (lpString="mo") returned 2 [0064.935] lstrlenW (lpString="mo") returned 2 [0064.935] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.935] lstrlenW (lpString="f") returned 1 [0064.935] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.935] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|mo|") returned 4 [0064.935] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.935] lstrlenW (lpString="|mo|") returned 4 [0064.935] lstrlenW (lpString="|f|") returned 3 [0064.935] StrStrIW (lpFirst="|mo|", lpSrch="|f|") returned 0x0 [0064.935] SetLastError (dwErrCode=0x490) [0064.935] lstrlenW (lpString="d") returned 1 [0064.935] lstrlenW (lpString="d") returned 1 [0064.935] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.935] lstrlenW (lpString="f") returned 1 [0064.935] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.935] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|d|") returned 3 [0064.935] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.935] lstrlenW (lpString="|d|") returned 3 [0064.935] lstrlenW (lpString="|f|") returned 3 [0064.935] StrStrIW (lpFirst="|d|", lpSrch="|f|") returned 0x0 [0064.935] SetLastError (dwErrCode=0x490) [0064.935] lstrlenW (lpString="m") returned 1 [0064.935] lstrlenW (lpString="m") returned 1 [0064.936] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.936] lstrlenW (lpString="f") returned 1 [0064.936] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.936] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|m|") returned 3 [0064.936] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.936] lstrlenW (lpString="|m|") returned 3 [0064.936] lstrlenW (lpString="|f|") returned 3 [0064.936] StrStrIW (lpFirst="|m|", lpSrch="|f|") returned 0x0 [0064.936] SetLastError (dwErrCode=0x490) [0064.936] lstrlenW (lpString="i") returned 1 [0064.936] lstrlenW (lpString="i") returned 1 [0064.936] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.936] lstrlenW (lpString="f") returned 1 [0064.936] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.936] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|i|") returned 3 [0064.936] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.936] lstrlenW (lpString="|i|") returned 3 [0064.936] lstrlenW (lpString="|f|") returned 3 [0064.937] StrStrIW (lpFirst="|i|", lpSrch="|f|") returned 0x0 [0064.937] SetLastError (dwErrCode=0x490) [0064.937] lstrlenW (lpString="tn") returned 2 [0064.937] lstrlenW (lpString="tn") returned 2 [0064.937] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.937] lstrlenW (lpString="f") returned 1 [0064.937] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.937] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.937] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.937] lstrlenW (lpString="|tn|") returned 4 [0064.937] lstrlenW (lpString="|f|") returned 3 [0064.937] StrStrIW (lpFirst="|tn|", lpSrch="|f|") returned 0x0 [0064.937] SetLastError (dwErrCode=0x490) [0064.937] lstrlenW (lpString="tr") returned 2 [0064.937] lstrlenW (lpString="tr") returned 2 [0064.937] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.937] lstrlenW (lpString="f") returned 1 [0064.937] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.937] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.937] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.937] lstrlenW (lpString="|tr|") returned 4 [0064.937] lstrlenW (lpString="|f|") returned 3 [0064.937] StrStrIW (lpFirst="|tr|", lpSrch="|f|") returned 0x0 [0064.937] SetLastError (dwErrCode=0x490) [0064.937] lstrlenW (lpString="st") returned 2 [0064.937] lstrlenW (lpString="st") returned 2 [0064.938] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.938] lstrlenW (lpString="f") returned 1 [0064.938] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.938] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|st|") returned 4 [0064.938] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.938] lstrlenW (lpString="|st|") returned 4 [0064.938] lstrlenW (lpString="|f|") returned 3 [0064.938] StrStrIW (lpFirst="|st|", lpSrch="|f|") returned 0x0 [0064.938] SetLastError (dwErrCode=0x490) [0064.938] lstrlenW (lpString="sd") returned 2 [0064.938] lstrlenW (lpString="sd") returned 2 [0064.938] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.938] lstrlenW (lpString="f") returned 1 [0064.938] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.938] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sd|") returned 4 [0064.938] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.938] lstrlenW (lpString="|sd|") returned 4 [0064.938] lstrlenW (lpString="|f|") returned 3 [0064.938] StrStrIW (lpFirst="|sd|", lpSrch="|f|") returned 0x0 [0064.938] SetLastError (dwErrCode=0x490) [0064.938] lstrlenW (lpString="ed") returned 2 [0064.938] lstrlenW (lpString="ed") returned 2 [0064.938] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.938] lstrlenW (lpString="f") returned 1 [0064.938] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.938] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ed|") returned 4 [0064.938] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.938] lstrlenW (lpString="|ed|") returned 4 [0064.938] lstrlenW (lpString="|f|") returned 3 [0064.938] StrStrIW (lpFirst="|ed|", lpSrch="|f|") returned 0x0 [0064.938] SetLastError (dwErrCode=0x490) [0064.938] lstrlenW (lpString="it") returned 2 [0064.938] lstrlenW (lpString="it") returned 2 [0064.938] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.938] lstrlenW (lpString="f") returned 1 [0064.939] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.939] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|it|") returned 4 [0064.939] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.939] lstrlenW (lpString="|it|") returned 4 [0064.939] lstrlenW (lpString="|f|") returned 3 [0064.939] StrStrIW (lpFirst="|it|", lpSrch="|f|") returned 0x0 [0064.939] SetLastError (dwErrCode=0x490) [0064.939] lstrlenW (lpString="et") returned 2 [0064.939] lstrlenW (lpString="et") returned 2 [0064.939] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.939] lstrlenW (lpString="f") returned 1 [0064.939] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.939] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|et|") returned 4 [0064.939] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.939] lstrlenW (lpString="|et|") returned 4 [0064.939] lstrlenW (lpString="|f|") returned 3 [0064.939] StrStrIW (lpFirst="|et|", lpSrch="|f|") returned 0x0 [0064.939] SetLastError (dwErrCode=0x490) [0064.939] lstrlenW (lpString="k") returned 1 [0064.939] lstrlenW (lpString="k") returned 1 [0064.939] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.939] lstrlenW (lpString="f") returned 1 [0064.939] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.939] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|k|") returned 3 [0064.939] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.939] lstrlenW (lpString="|k|") returned 3 [0064.939] lstrlenW (lpString="|f|") returned 3 [0064.939] StrStrIW (lpFirst="|k|", lpSrch="|f|") returned 0x0 [0064.939] SetLastError (dwErrCode=0x490) [0064.939] lstrlenW (lpString="du") returned 2 [0064.939] lstrlenW (lpString="du") returned 2 [0064.939] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.939] lstrlenW (lpString="f") returned 1 [0064.939] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.940] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|du|") returned 4 [0064.940] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.940] lstrlenW (lpString="|du|") returned 4 [0064.940] lstrlenW (lpString="|f|") returned 3 [0064.940] StrStrIW (lpFirst="|du|", lpSrch="|f|") returned 0x0 [0064.940] SetLastError (dwErrCode=0x490) [0064.940] lstrlenW (lpString="ri") returned 2 [0064.940] lstrlenW (lpString="ri") returned 2 [0064.940] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.940] lstrlenW (lpString="f") returned 1 [0064.940] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.940] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ri|") returned 4 [0064.940] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.940] lstrlenW (lpString="|ri|") returned 4 [0064.940] lstrlenW (lpString="|f|") returned 3 [0064.940] StrStrIW (lpFirst="|ri|", lpSrch="|f|") returned 0x0 [0064.940] SetLastError (dwErrCode=0x490) [0064.940] lstrlenW (lpString="z") returned 1 [0064.940] lstrlenW (lpString="z") returned 1 [0064.940] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.940] lstrlenW (lpString="f") returned 1 [0064.940] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.940] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|z|") returned 3 [0064.940] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.940] lstrlenW (lpString="|z|") returned 3 [0064.940] lstrlenW (lpString="|f|") returned 3 [0064.940] StrStrIW (lpFirst="|z|", lpSrch="|f|") returned 0x0 [0064.940] SetLastError (dwErrCode=0x490) [0064.940] lstrlenW (lpString="f") returned 1 [0064.940] lstrlenW (lpString="f") returned 1 [0064.940] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.940] lstrlenW (lpString="f") returned 1 [0064.940] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.940] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.940] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.940] lstrlenW (lpString="|f|") returned 3 [0064.941] lstrlenW (lpString="|f|") returned 3 [0064.941] StrStrIW (lpFirst="|f|", lpSrch="|f|") returned="|f|" [0064.941] SetLastError (dwErrCode=0x0) [0064.941] SetLastError (dwErrCode=0x0) [0064.941] SetLastError (dwErrCode=0x0) [0064.941] lstrlenW (lpString="/sc") returned 3 [0064.941] lstrlenW (lpString="-/") returned 2 [0064.941] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.941] lstrlenW (lpString="create") returned 6 [0064.941] lstrlenW (lpString="create") returned 6 [0064.941] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.941] lstrlenW (lpString="sc") returned 2 [0064.941] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.941] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|create|") returned 8 [0064.941] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.941] lstrlenW (lpString="|create|") returned 8 [0064.941] lstrlenW (lpString="|sc|") returned 4 [0064.941] StrStrIW (lpFirst="|create|", lpSrch="|sc|") returned 0x0 [0064.941] SetLastError (dwErrCode=0x490) [0064.941] lstrlenW (lpString="?") returned 1 [0064.941] lstrlenW (lpString="?") returned 1 [0064.941] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.941] lstrlenW (lpString="sc") returned 2 [0064.941] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.941] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|?|") returned 3 [0064.941] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.941] lstrlenW (lpString="|?|") returned 3 [0064.941] lstrlenW (lpString="|sc|") returned 4 [0064.941] SetLastError (dwErrCode=0x490) [0064.941] lstrlenW (lpString="s") returned 1 [0064.941] lstrlenW (lpString="s") returned 1 [0064.941] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.941] lstrlenW (lpString="sc") returned 2 [0064.941] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.941] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|s|") returned 3 [0064.942] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.942] lstrlenW (lpString="|s|") returned 3 [0064.942] lstrlenW (lpString="|sc|") returned 4 [0064.942] SetLastError (dwErrCode=0x490) [0064.942] lstrlenW (lpString="u") returned 1 [0064.942] lstrlenW (lpString="u") returned 1 [0064.942] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.942] lstrlenW (lpString="sc") returned 2 [0064.942] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.942] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|u|") returned 3 [0064.942] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.942] lstrlenW (lpString="|u|") returned 3 [0064.942] lstrlenW (lpString="|sc|") returned 4 [0064.942] SetLastError (dwErrCode=0x490) [0064.942] lstrlenW (lpString="p") returned 1 [0064.942] lstrlenW (lpString="p") returned 1 [0064.942] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.942] lstrlenW (lpString="sc") returned 2 [0064.942] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.942] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|p|") returned 3 [0064.942] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.942] lstrlenW (lpString="|p|") returned 3 [0064.942] lstrlenW (lpString="|sc|") returned 4 [0064.942] SetLastError (dwErrCode=0x490) [0064.942] lstrlenW (lpString="ru") returned 2 [0064.942] lstrlenW (lpString="ru") returned 2 [0064.942] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.942] lstrlenW (lpString="sc") returned 2 [0064.942] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.942] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ru|") returned 4 [0064.942] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.942] lstrlenW (lpString="|ru|") returned 4 [0064.942] lstrlenW (lpString="|sc|") returned 4 [0064.942] StrStrIW (lpFirst="|ru|", lpSrch="|sc|") returned 0x0 [0064.942] SetLastError (dwErrCode=0x490) [0064.942] lstrlenW (lpString="rp") returned 2 [0064.943] lstrlenW (lpString="rp") returned 2 [0064.943] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.943] lstrlenW (lpString="sc") returned 2 [0064.943] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.943] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|rp|") returned 4 [0064.943] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.943] lstrlenW (lpString="|rp|") returned 4 [0064.943] lstrlenW (lpString="|sc|") returned 4 [0064.943] StrStrIW (lpFirst="|rp|", lpSrch="|sc|") returned 0x0 [0064.943] SetLastError (dwErrCode=0x490) [0064.943] lstrlenW (lpString="sc") returned 2 [0064.943] lstrlenW (lpString="sc") returned 2 [0064.943] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.943] lstrlenW (lpString="sc") returned 2 [0064.943] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.943] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.943] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.943] lstrlenW (lpString="|sc|") returned 4 [0064.943] lstrlenW (lpString="|sc|") returned 4 [0064.943] StrStrIW (lpFirst="|sc|", lpSrch="|sc|") returned="|sc|" [0064.943] SetLastError (dwErrCode=0x0) [0064.943] SetLastError (dwErrCode=0x0) [0064.943] lstrlenW (lpString="ONLOGON") returned 7 [0064.943] lstrlenW (lpString="-/") returned 2 [0064.943] StrChrIW (lpStart="-/", wMatch=0x4f) returned 0x0 [0064.943] SetLastError (dwErrCode=0x490) [0064.943] SetLastError (dwErrCode=0x490) [0064.943] SetLastError (dwErrCode=0x0) [0064.943] lstrlenW (lpString="ONLOGON") returned 7 [0064.943] StrChrIW (lpStart="ONLOGON", wMatch=0x3a) returned 0x0 [0064.943] SetLastError (dwErrCode=0x490) [0064.943] SetLastError (dwErrCode=0x0) [0064.943] GetProcessHeap () returned 0x590000 [0064.943] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4cd8 [0064.943] _memicmp (_Buf1=0x5a4cd8, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.943] lstrlenW (lpString="ONLOGON") returned 7 [0064.943] GetProcessHeap () returned 0x590000 [0064.944] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4ca8 [0064.944] lstrlenW (lpString="ONLOGON") returned 7 [0064.944] lstrlenW (lpString=" \x09") returned 2 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x4e) returned 0x0 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x4c) returned 0x0 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0064.944] StrChrW (lpStart=" \x09", wMatch=0x4e) returned 0x0 [0064.944] GetLastError () returned 0x0 [0064.944] lstrlenW (lpString="ONLOGON") returned 7 [0064.944] lstrlenW (lpString="ONLOGON") returned 7 [0064.944] SetLastError (dwErrCode=0x0) [0064.944] SetLastError (dwErrCode=0x0) [0064.944] lstrlenW (lpString="/RL") returned 3 [0064.944] lstrlenW (lpString="-/") returned 2 [0064.944] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.944] lstrlenW (lpString="create") returned 6 [0064.944] lstrlenW (lpString="create") returned 6 [0064.944] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.944] lstrlenW (lpString="RL") returned 2 [0064.944] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.944] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|create|") returned 8 [0064.944] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.944] lstrlenW (lpString="|create|") returned 8 [0064.944] lstrlenW (lpString="|RL|") returned 4 [0064.944] StrStrIW (lpFirst="|create|", lpSrch="|RL|") returned 0x0 [0064.944] SetLastError (dwErrCode=0x490) [0064.944] lstrlenW (lpString="?") returned 1 [0064.944] lstrlenW (lpString="?") returned 1 [0064.944] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.944] lstrlenW (lpString="RL") returned 2 [0064.944] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.944] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|?|") returned 3 [0064.944] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.945] lstrlenW (lpString="|?|") returned 3 [0064.945] lstrlenW (lpString="|RL|") returned 4 [0064.945] SetLastError (dwErrCode=0x490) [0064.945] lstrlenW (lpString="s") returned 1 [0064.945] lstrlenW (lpString="s") returned 1 [0064.945] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.945] lstrlenW (lpString="RL") returned 2 [0064.945] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.945] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|s|") returned 3 [0064.945] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.945] lstrlenW (lpString="|s|") returned 3 [0064.945] lstrlenW (lpString="|RL|") returned 4 [0064.945] SetLastError (dwErrCode=0x490) [0064.945] lstrlenW (lpString="u") returned 1 [0064.945] lstrlenW (lpString="u") returned 1 [0064.945] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.945] lstrlenW (lpString="RL") returned 2 [0064.945] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.945] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|u|") returned 3 [0064.945] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.945] lstrlenW (lpString="|u|") returned 3 [0064.945] lstrlenW (lpString="|RL|") returned 4 [0064.945] SetLastError (dwErrCode=0x490) [0064.945] lstrlenW (lpString="p") returned 1 [0064.945] lstrlenW (lpString="p") returned 1 [0064.945] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.945] lstrlenW (lpString="RL") returned 2 [0064.945] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.945] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|p|") returned 3 [0064.945] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.945] lstrlenW (lpString="|p|") returned 3 [0064.945] lstrlenW (lpString="|RL|") returned 4 [0064.945] SetLastError (dwErrCode=0x490) [0064.945] lstrlenW (lpString="ru") returned 2 [0064.945] lstrlenW (lpString="ru") returned 2 [0064.946] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.946] lstrlenW (lpString="RL") returned 2 [0064.946] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.946] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ru|") returned 4 [0064.946] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.946] lstrlenW (lpString="|ru|") returned 4 [0064.946] lstrlenW (lpString="|RL|") returned 4 [0064.946] StrStrIW (lpFirst="|ru|", lpSrch="|RL|") returned 0x0 [0064.946] SetLastError (dwErrCode=0x490) [0064.946] lstrlenW (lpString="rp") returned 2 [0064.946] lstrlenW (lpString="rp") returned 2 [0064.946] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.946] lstrlenW (lpString="RL") returned 2 [0064.946] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.946] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|rp|") returned 4 [0064.946] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.946] lstrlenW (lpString="|rp|") returned 4 [0064.946] lstrlenW (lpString="|RL|") returned 4 [0064.946] StrStrIW (lpFirst="|rp|", lpSrch="|RL|") returned 0x0 [0064.946] SetLastError (dwErrCode=0x490) [0064.946] lstrlenW (lpString="sc") returned 2 [0064.946] lstrlenW (lpString="sc") returned 2 [0064.946] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.946] lstrlenW (lpString="RL") returned 2 [0064.946] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.946] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.946] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.946] lstrlenW (lpString="|sc|") returned 4 [0064.946] lstrlenW (lpString="|RL|") returned 4 [0064.946] StrStrIW (lpFirst="|sc|", lpSrch="|RL|") returned 0x0 [0064.946] SetLastError (dwErrCode=0x490) [0064.946] lstrlenW (lpString="mo") returned 2 [0064.946] lstrlenW (lpString="mo") returned 2 [0064.946] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.946] lstrlenW (lpString="RL") returned 2 [0064.947] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.947] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|mo|") returned 4 [0064.947] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.947] lstrlenW (lpString="|mo|") returned 4 [0064.947] lstrlenW (lpString="|RL|") returned 4 [0064.947] StrStrIW (lpFirst="|mo|", lpSrch="|RL|") returned 0x0 [0064.947] SetLastError (dwErrCode=0x490) [0064.947] lstrlenW (lpString="d") returned 1 [0064.947] lstrlenW (lpString="d") returned 1 [0064.947] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.947] lstrlenW (lpString="RL") returned 2 [0064.947] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.947] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|d|") returned 3 [0064.947] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.947] lstrlenW (lpString="|d|") returned 3 [0064.947] lstrlenW (lpString="|RL|") returned 4 [0064.947] SetLastError (dwErrCode=0x490) [0064.947] lstrlenW (lpString="m") returned 1 [0064.947] lstrlenW (lpString="m") returned 1 [0064.947] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.947] lstrlenW (lpString="RL") returned 2 [0064.947] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.947] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|m|") returned 3 [0064.947] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.947] lstrlenW (lpString="|m|") returned 3 [0064.947] lstrlenW (lpString="|RL|") returned 4 [0064.947] SetLastError (dwErrCode=0x490) [0064.947] lstrlenW (lpString="i") returned 1 [0064.947] lstrlenW (lpString="i") returned 1 [0064.947] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.947] lstrlenW (lpString="RL") returned 2 [0064.947] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.947] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|i|") returned 3 [0064.947] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.947] lstrlenW (lpString="|i|") returned 3 [0064.948] lstrlenW (lpString="|RL|") returned 4 [0064.948] SetLastError (dwErrCode=0x490) [0064.948] lstrlenW (lpString="tn") returned 2 [0064.948] lstrlenW (lpString="tn") returned 2 [0064.948] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.948] lstrlenW (lpString="RL") returned 2 [0064.948] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.948] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.948] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.948] lstrlenW (lpString="|tn|") returned 4 [0064.948] lstrlenW (lpString="|RL|") returned 4 [0064.948] StrStrIW (lpFirst="|tn|", lpSrch="|RL|") returned 0x0 [0064.948] SetLastError (dwErrCode=0x490) [0064.948] lstrlenW (lpString="tr") returned 2 [0064.948] lstrlenW (lpString="tr") returned 2 [0064.948] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.948] lstrlenW (lpString="RL") returned 2 [0064.948] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.948] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.948] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.948] lstrlenW (lpString="|tr|") returned 4 [0064.948] lstrlenW (lpString="|RL|") returned 4 [0064.948] StrStrIW (lpFirst="|tr|", lpSrch="|RL|") returned 0x0 [0064.948] SetLastError (dwErrCode=0x490) [0064.948] lstrlenW (lpString="st") returned 2 [0064.948] lstrlenW (lpString="st") returned 2 [0064.948] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.948] lstrlenW (lpString="RL") returned 2 [0064.948] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.948] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|st|") returned 4 [0064.948] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.948] lstrlenW (lpString="|st|") returned 4 [0064.948] lstrlenW (lpString="|RL|") returned 4 [0064.948] StrStrIW (lpFirst="|st|", lpSrch="|RL|") returned 0x0 [0064.948] SetLastError (dwErrCode=0x490) [0064.948] lstrlenW (lpString="sd") returned 2 [0064.949] lstrlenW (lpString="sd") returned 2 [0064.949] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.949] lstrlenW (lpString="RL") returned 2 [0064.949] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.949] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sd|") returned 4 [0064.949] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.949] lstrlenW (lpString="|sd|") returned 4 [0064.949] lstrlenW (lpString="|RL|") returned 4 [0064.949] StrStrIW (lpFirst="|sd|", lpSrch="|RL|") returned 0x0 [0064.949] SetLastError (dwErrCode=0x490) [0064.949] lstrlenW (lpString="ed") returned 2 [0064.949] lstrlenW (lpString="ed") returned 2 [0064.949] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.949] lstrlenW (lpString="RL") returned 2 [0064.949] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.949] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ed|") returned 4 [0064.949] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.949] lstrlenW (lpString="|ed|") returned 4 [0064.949] lstrlenW (lpString="|RL|") returned 4 [0064.949] StrStrIW (lpFirst="|ed|", lpSrch="|RL|") returned 0x0 [0064.949] SetLastError (dwErrCode=0x490) [0064.949] lstrlenW (lpString="it") returned 2 [0064.949] lstrlenW (lpString="it") returned 2 [0064.949] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.949] lstrlenW (lpString="RL") returned 2 [0064.949] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.949] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|it|") returned 4 [0064.949] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.949] lstrlenW (lpString="|it|") returned 4 [0064.949] lstrlenW (lpString="|RL|") returned 4 [0064.949] StrStrIW (lpFirst="|it|", lpSrch="|RL|") returned 0x0 [0064.949] SetLastError (dwErrCode=0x490) [0064.949] lstrlenW (lpString="et") returned 2 [0064.949] lstrlenW (lpString="et") returned 2 [0064.949] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.950] lstrlenW (lpString="RL") returned 2 [0064.950] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.950] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|et|") returned 4 [0064.950] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.950] lstrlenW (lpString="|et|") returned 4 [0064.950] lstrlenW (lpString="|RL|") returned 4 [0064.950] StrStrIW (lpFirst="|et|", lpSrch="|RL|") returned 0x0 [0064.950] SetLastError (dwErrCode=0x490) [0064.950] lstrlenW (lpString="k") returned 1 [0064.950] lstrlenW (lpString="k") returned 1 [0064.950] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.950] lstrlenW (lpString="RL") returned 2 [0064.950] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.950] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|k|") returned 3 [0064.950] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.950] lstrlenW (lpString="|k|") returned 3 [0064.950] lstrlenW (lpString="|RL|") returned 4 [0064.950] SetLastError (dwErrCode=0x490) [0064.950] lstrlenW (lpString="du") returned 2 [0064.950] lstrlenW (lpString="du") returned 2 [0064.950] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.950] lstrlenW (lpString="RL") returned 2 [0064.950] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.950] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|du|") returned 4 [0064.950] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.950] lstrlenW (lpString="|du|") returned 4 [0064.950] lstrlenW (lpString="|RL|") returned 4 [0064.950] StrStrIW (lpFirst="|du|", lpSrch="|RL|") returned 0x0 [0064.950] SetLastError (dwErrCode=0x490) [0064.950] lstrlenW (lpString="ri") returned 2 [0064.950] lstrlenW (lpString="ri") returned 2 [0064.950] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.950] lstrlenW (lpString="RL") returned 2 [0064.950] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.951] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ri|") returned 4 [0064.951] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.951] lstrlenW (lpString="|ri|") returned 4 [0064.951] lstrlenW (lpString="|RL|") returned 4 [0064.951] StrStrIW (lpFirst="|ri|", lpSrch="|RL|") returned 0x0 [0064.951] SetLastError (dwErrCode=0x490) [0064.951] lstrlenW (lpString="z") returned 1 [0064.951] lstrlenW (lpString="z") returned 1 [0064.951] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.951] lstrlenW (lpString="RL") returned 2 [0064.951] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.951] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|z|") returned 3 [0064.951] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.951] lstrlenW (lpString="|z|") returned 3 [0064.951] lstrlenW (lpString="|RL|") returned 4 [0064.951] SetLastError (dwErrCode=0x490) [0064.951] lstrlenW (lpString="f") returned 1 [0064.951] lstrlenW (lpString="f") returned 1 [0064.951] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.951] lstrlenW (lpString="RL") returned 2 [0064.951] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.951] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|f|") returned 3 [0064.951] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.951] lstrlenW (lpString="|f|") returned 3 [0064.951] lstrlenW (lpString="|RL|") returned 4 [0064.951] SetLastError (dwErrCode=0x490) [0064.951] lstrlenW (lpString="v1") returned 2 [0064.951] lstrlenW (lpString="v1") returned 2 [0064.951] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.951] lstrlenW (lpString="RL") returned 2 [0064.951] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.951] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|v1|") returned 4 [0064.951] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.951] lstrlenW (lpString="|v1|") returned 4 [0064.951] lstrlenW (lpString="|RL|") returned 4 [0064.951] StrStrIW (lpFirst="|v1|", lpSrch="|RL|") returned 0x0 [0064.952] SetLastError (dwErrCode=0x490) [0064.952] lstrlenW (lpString="xml") returned 3 [0064.952] lstrlenW (lpString="xml") returned 3 [0064.952] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.952] lstrlenW (lpString="RL") returned 2 [0064.952] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.952] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x6, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|xml|") returned 5 [0064.952] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.952] lstrlenW (lpString="|xml|") returned 5 [0064.952] lstrlenW (lpString="|RL|") returned 4 [0064.952] StrStrIW (lpFirst="|xml|", lpSrch="|RL|") returned 0x0 [0064.952] SetLastError (dwErrCode=0x490) [0064.952] lstrlenW (lpString="ec") returned 2 [0064.952] lstrlenW (lpString="ec") returned 2 [0064.952] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.952] lstrlenW (lpString="RL") returned 2 [0064.952] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.952] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ec|") returned 4 [0064.952] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.952] lstrlenW (lpString="|ec|") returned 4 [0064.952] lstrlenW (lpString="|RL|") returned 4 [0064.952] StrStrIW (lpFirst="|ec|", lpSrch="|RL|") returned 0x0 [0064.952] SetLastError (dwErrCode=0x490) [0064.952] lstrlenW (lpString="rl") returned 2 [0064.952] lstrlenW (lpString="rl") returned 2 [0064.952] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.952] lstrlenW (lpString="RL") returned 2 [0064.952] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.952] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|rl|") returned 4 [0064.952] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|RL|") returned 4 [0064.952] lstrlenW (lpString="|rl|") returned 4 [0064.952] lstrlenW (lpString="|RL|") returned 4 [0064.952] StrStrIW (lpFirst="|rl|", lpSrch="|RL|") returned="|rl|" [0064.952] SetLastError (dwErrCode=0x0) [0064.952] SetLastError (dwErrCode=0x0) [0064.953] lstrlenW (lpString="HIGHEST") returned 7 [0064.953] lstrlenW (lpString="-/") returned 2 [0064.953] StrChrIW (lpStart="-/", wMatch=0x48) returned 0x0 [0064.953] SetLastError (dwErrCode=0x490) [0064.953] SetLastError (dwErrCode=0x490) [0064.953] SetLastError (dwErrCode=0x0) [0064.953] lstrlenW (lpString="HIGHEST") returned 7 [0064.953] StrChrIW (lpStart="HIGHEST", wMatch=0x3a) returned 0x0 [0064.953] SetLastError (dwErrCode=0x490) [0064.953] SetLastError (dwErrCode=0x0) [0064.953] _memicmp (_Buf1=0x5a4cd8, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.953] lstrlenW (lpString="HIGHEST") returned 7 [0064.953] lstrlenW (lpString="HIGHEST") returned 7 [0064.953] lstrlenW (lpString=" \x09") returned 2 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x49) returned 0x0 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x45) returned 0x0 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0064.953] StrChrW (lpStart=" \x09", wMatch=0x54) returned 0x0 [0064.953] GetLastError () returned 0x0 [0064.953] lstrlenW (lpString="HIGHEST") returned 7 [0064.953] lstrlenW (lpString="HIGHEST") returned 7 [0064.953] SetLastError (dwErrCode=0x0) [0064.953] SetLastError (dwErrCode=0x0) [0064.953] lstrlenW (lpString="/tn") returned 3 [0064.953] lstrlenW (lpString="-/") returned 2 [0064.953] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.953] lstrlenW (lpString="create") returned 6 [0064.953] lstrlenW (lpString="create") returned 6 [0064.953] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.953] lstrlenW (lpString="tn") returned 2 [0064.953] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.953] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|create|") returned 8 [0064.954] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.954] lstrlenW (lpString="|create|") returned 8 [0064.954] lstrlenW (lpString="|tn|") returned 4 [0064.954] StrStrIW (lpFirst="|create|", lpSrch="|tn|") returned 0x0 [0064.954] SetLastError (dwErrCode=0x490) [0064.954] lstrlenW (lpString="?") returned 1 [0064.954] lstrlenW (lpString="?") returned 1 [0064.954] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.954] lstrlenW (lpString="tn") returned 2 [0064.954] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.954] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|?|") returned 3 [0064.954] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.954] lstrlenW (lpString="|?|") returned 3 [0064.954] lstrlenW (lpString="|tn|") returned 4 [0064.954] SetLastError (dwErrCode=0x490) [0064.954] lstrlenW (lpString="s") returned 1 [0064.954] lstrlenW (lpString="s") returned 1 [0064.954] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.954] lstrlenW (lpString="tn") returned 2 [0064.954] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.954] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|s|") returned 3 [0064.954] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.954] lstrlenW (lpString="|s|") returned 3 [0064.954] lstrlenW (lpString="|tn|") returned 4 [0064.954] SetLastError (dwErrCode=0x490) [0064.954] lstrlenW (lpString="u") returned 1 [0064.954] lstrlenW (lpString="u") returned 1 [0064.954] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.954] lstrlenW (lpString="tn") returned 2 [0064.954] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.954] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|u|") returned 3 [0064.954] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.954] lstrlenW (lpString="|u|") returned 3 [0064.954] lstrlenW (lpString="|tn|") returned 4 [0064.954] SetLastError (dwErrCode=0x490) [0064.954] lstrlenW (lpString="p") returned 1 [0064.955] lstrlenW (lpString="p") returned 1 [0064.955] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.955] lstrlenW (lpString="tn") returned 2 [0064.955] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.955] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|p|") returned 3 [0064.955] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.955] lstrlenW (lpString="|p|") returned 3 [0064.955] lstrlenW (lpString="|tn|") returned 4 [0064.955] SetLastError (dwErrCode=0x490) [0064.955] lstrlenW (lpString="ru") returned 2 [0064.955] lstrlenW (lpString="ru") returned 2 [0064.955] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.955] lstrlenW (lpString="tn") returned 2 [0064.955] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.955] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ru|") returned 4 [0064.955] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.955] lstrlenW (lpString="|ru|") returned 4 [0064.955] lstrlenW (lpString="|tn|") returned 4 [0064.955] StrStrIW (lpFirst="|ru|", lpSrch="|tn|") returned 0x0 [0064.955] SetLastError (dwErrCode=0x490) [0064.955] lstrlenW (lpString="rp") returned 2 [0064.955] lstrlenW (lpString="rp") returned 2 [0064.955] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.955] lstrlenW (lpString="tn") returned 2 [0064.955] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.955] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|rp|") returned 4 [0064.955] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.955] lstrlenW (lpString="|rp|") returned 4 [0064.955] lstrlenW (lpString="|tn|") returned 4 [0064.955] StrStrIW (lpFirst="|rp|", lpSrch="|tn|") returned 0x0 [0064.955] SetLastError (dwErrCode=0x490) [0064.955] lstrlenW (lpString="sc") returned 2 [0064.955] lstrlenW (lpString="sc") returned 2 [0064.955] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.955] lstrlenW (lpString="tn") returned 2 [0064.956] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.956] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.956] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.956] lstrlenW (lpString="|sc|") returned 4 [0064.956] lstrlenW (lpString="|tn|") returned 4 [0064.956] StrStrIW (lpFirst="|sc|", lpSrch="|tn|") returned 0x0 [0064.956] SetLastError (dwErrCode=0x490) [0064.956] lstrlenW (lpString="mo") returned 2 [0064.956] lstrlenW (lpString="mo") returned 2 [0064.956] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.956] lstrlenW (lpString="tn") returned 2 [0064.956] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.956] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|mo|") returned 4 [0064.956] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.956] lstrlenW (lpString="|mo|") returned 4 [0064.956] lstrlenW (lpString="|tn|") returned 4 [0064.956] StrStrIW (lpFirst="|mo|", lpSrch="|tn|") returned 0x0 [0064.956] SetLastError (dwErrCode=0x490) [0064.956] lstrlenW (lpString="d") returned 1 [0064.956] lstrlenW (lpString="d") returned 1 [0064.956] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.956] lstrlenW (lpString="tn") returned 2 [0064.956] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.956] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|d|") returned 3 [0064.956] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.956] lstrlenW (lpString="|d|") returned 3 [0064.956] lstrlenW (lpString="|tn|") returned 4 [0064.956] SetLastError (dwErrCode=0x490) [0064.956] lstrlenW (lpString="m") returned 1 [0064.956] lstrlenW (lpString="m") returned 1 [0064.956] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.956] lstrlenW (lpString="tn") returned 2 [0064.956] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.956] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|m|") returned 3 [0064.956] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.956] lstrlenW (lpString="|m|") returned 3 [0064.956] lstrlenW (lpString="|tn|") returned 4 [0064.957] SetLastError (dwErrCode=0x490) [0064.957] lstrlenW (lpString="i") returned 1 [0064.957] lstrlenW (lpString="i") returned 1 [0064.957] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.957] lstrlenW (lpString="tn") returned 2 [0064.957] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.957] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|i|") returned 3 [0064.957] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.957] lstrlenW (lpString="|i|") returned 3 [0064.957] lstrlenW (lpString="|tn|") returned 4 [0064.957] SetLastError (dwErrCode=0x490) [0064.957] lstrlenW (lpString="tn") returned 2 [0064.957] lstrlenW (lpString="tn") returned 2 [0064.957] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.957] lstrlenW (lpString="tn") returned 2 [0064.957] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.957] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.957] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.957] lstrlenW (lpString="|tn|") returned 4 [0064.957] lstrlenW (lpString="|tn|") returned 4 [0064.957] StrStrIW (lpFirst="|tn|", lpSrch="|tn|") returned="|tn|" [0064.957] SetLastError (dwErrCode=0x0) [0064.957] SetLastError (dwErrCode=0x0) [0064.957] lstrlenW (lpString="'WinUpdt'") returned 9 [0064.957] lstrlenW (lpString="-/") returned 2 [0064.957] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0064.957] SetLastError (dwErrCode=0x490) [0064.957] SetLastError (dwErrCode=0x490) [0064.957] SetLastError (dwErrCode=0x0) [0064.957] lstrlenW (lpString="'WinUpdt'") returned 9 [0064.957] StrChrIW (lpStart="'WinUpdt'", wMatch=0x3a) returned 0x0 [0064.957] SetLastError (dwErrCode=0x490) [0064.957] SetLastError (dwErrCode=0x0) [0064.957] lstrlenW (lpString="'WinUpdt'") returned 9 [0064.957] SetLastError (dwErrCode=0x0) [0064.957] SetLastError (dwErrCode=0x0) [0064.957] lstrlenW (lpString="/tr") returned 3 [0064.957] lstrlenW (lpString="-/") returned 2 [0064.957] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0064.958] lstrlenW (lpString="create") returned 6 [0064.958] lstrlenW (lpString="create") returned 6 [0064.958] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] lstrlenW (lpString="tr") returned 2 [0064.958] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x9, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|create|") returned 8 [0064.958] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.958] lstrlenW (lpString="|create|") returned 8 [0064.958] lstrlenW (lpString="|tr|") returned 4 [0064.958] StrStrIW (lpFirst="|create|", lpSrch="|tr|") returned 0x0 [0064.958] SetLastError (dwErrCode=0x490) [0064.958] lstrlenW (lpString="?") returned 1 [0064.958] lstrlenW (lpString="?") returned 1 [0064.958] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] lstrlenW (lpString="tr") returned 2 [0064.958] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|?|") returned 3 [0064.958] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.958] lstrlenW (lpString="|?|") returned 3 [0064.958] lstrlenW (lpString="|tr|") returned 4 [0064.958] SetLastError (dwErrCode=0x490) [0064.958] lstrlenW (lpString="s") returned 1 [0064.958] lstrlenW (lpString="s") returned 1 [0064.958] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] lstrlenW (lpString="tr") returned 2 [0064.958] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|s|") returned 3 [0064.958] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.958] lstrlenW (lpString="|s|") returned 3 [0064.958] lstrlenW (lpString="|tr|") returned 4 [0064.958] SetLastError (dwErrCode=0x490) [0064.958] lstrlenW (lpString="u") returned 1 [0064.958] lstrlenW (lpString="u") returned 1 [0064.958] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] lstrlenW (lpString="tr") returned 2 [0064.958] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.958] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|u|") returned 3 [0064.959] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.959] lstrlenW (lpString="|u|") returned 3 [0064.959] lstrlenW (lpString="|tr|") returned 4 [0064.959] SetLastError (dwErrCode=0x490) [0064.959] lstrlenW (lpString="p") returned 1 [0064.959] lstrlenW (lpString="p") returned 1 [0064.959] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.959] lstrlenW (lpString="tr") returned 2 [0064.959] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.959] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|p|") returned 3 [0064.959] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.959] lstrlenW (lpString="|p|") returned 3 [0064.959] lstrlenW (lpString="|tr|") returned 4 [0064.959] SetLastError (dwErrCode=0x490) [0064.959] lstrlenW (lpString="ru") returned 2 [0064.959] lstrlenW (lpString="ru") returned 2 [0064.959] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.959] lstrlenW (lpString="tr") returned 2 [0064.959] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.959] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|ru|") returned 4 [0064.959] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.959] lstrlenW (lpString="|ru|") returned 4 [0064.959] lstrlenW (lpString="|tr|") returned 4 [0064.959] StrStrIW (lpFirst="|ru|", lpSrch="|tr|") returned 0x0 [0064.959] SetLastError (dwErrCode=0x490) [0064.959] lstrlenW (lpString="rp") returned 2 [0064.959] lstrlenW (lpString="rp") returned 2 [0064.959] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.959] lstrlenW (lpString="tr") returned 2 [0064.959] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.959] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|rp|") returned 4 [0064.959] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.959] lstrlenW (lpString="|rp|") returned 4 [0064.959] lstrlenW (lpString="|tr|") returned 4 [0064.959] StrStrIW (lpFirst="|rp|", lpSrch="|tr|") returned 0x0 [0064.959] SetLastError (dwErrCode=0x490) [0064.959] lstrlenW (lpString="sc") returned 2 [0064.959] lstrlenW (lpString="sc") returned 2 [0064.960] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] lstrlenW (lpString="tr") returned 2 [0064.960] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|sc|") returned 4 [0064.960] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.960] lstrlenW (lpString="|sc|") returned 4 [0064.960] lstrlenW (lpString="|tr|") returned 4 [0064.960] StrStrIW (lpFirst="|sc|", lpSrch="|tr|") returned 0x0 [0064.960] SetLastError (dwErrCode=0x490) [0064.960] lstrlenW (lpString="mo") returned 2 [0064.960] lstrlenW (lpString="mo") returned 2 [0064.960] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] lstrlenW (lpString="tr") returned 2 [0064.960] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|mo|") returned 4 [0064.960] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.960] lstrlenW (lpString="|mo|") returned 4 [0064.960] lstrlenW (lpString="|tr|") returned 4 [0064.960] StrStrIW (lpFirst="|mo|", lpSrch="|tr|") returned 0x0 [0064.960] SetLastError (dwErrCode=0x490) [0064.960] lstrlenW (lpString="d") returned 1 [0064.960] lstrlenW (lpString="d") returned 1 [0064.960] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] lstrlenW (lpString="tr") returned 2 [0064.960] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|d|") returned 3 [0064.960] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.960] lstrlenW (lpString="|d|") returned 3 [0064.960] lstrlenW (lpString="|tr|") returned 4 [0064.960] SetLastError (dwErrCode=0x490) [0064.960] lstrlenW (lpString="m") returned 1 [0064.960] lstrlenW (lpString="m") returned 1 [0064.960] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] lstrlenW (lpString="tr") returned 2 [0064.960] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.960] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|m|") returned 3 [0064.960] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.961] lstrlenW (lpString="|m|") returned 3 [0064.961] lstrlenW (lpString="|tr|") returned 4 [0064.961] SetLastError (dwErrCode=0x490) [0064.961] lstrlenW (lpString="i") returned 1 [0064.961] lstrlenW (lpString="i") returned 1 [0064.961] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.961] lstrlenW (lpString="tr") returned 2 [0064.961] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.961] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x4, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|i|") returned 3 [0064.961] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.961] lstrlenW (lpString="|i|") returned 3 [0064.961] lstrlenW (lpString="|tr|") returned 4 [0064.961] SetLastError (dwErrCode=0x490) [0064.961] lstrlenW (lpString="tn") returned 2 [0064.961] lstrlenW (lpString="tn") returned 2 [0064.961] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.961] lstrlenW (lpString="tr") returned 2 [0064.961] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.961] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tn|") returned 4 [0064.961] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.961] lstrlenW (lpString="|tn|") returned 4 [0064.961] lstrlenW (lpString="|tr|") returned 4 [0064.961] StrStrIW (lpFirst="|tn|", lpSrch="|tr|") returned 0x0 [0064.961] SetLastError (dwErrCode=0x490) [0064.961] lstrlenW (lpString="tr") returned 2 [0064.961] lstrlenW (lpString="tr") returned 2 [0064.961] _memicmp (_Buf1=0x5a4c90, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.961] lstrlenW (lpString="tr") returned 2 [0064.961] _memicmp (_Buf1=0x5a4cc0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.961] _vsnwprintf (in: _Buffer=0x5a5318, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.961] _vsnwprintf (in: _Buffer=0x5a52d8, _BufferCount=0x5, _Format="|%s|", _ArgList=0x14cb9c | out: _Buffer="|tr|") returned 4 [0064.961] lstrlenW (lpString="|tr|") returned 4 [0064.961] lstrlenW (lpString="|tr|") returned 4 [0064.961] StrStrIW (lpFirst="|tr|", lpSrch="|tr|") returned="|tr|" [0064.961] SetLastError (dwErrCode=0x0) [0064.961] SetLastError (dwErrCode=0x0) [0064.961] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.962] lstrlenW (lpString="-/") returned 2 [0064.962] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0064.962] SetLastError (dwErrCode=0x490) [0064.962] SetLastError (dwErrCode=0x490) [0064.962] SetLastError (dwErrCode=0x0) [0064.962] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.962] StrChrIW (lpStart="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'", wMatch=0x3a) returned=":\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'" [0064.962] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.962] _memicmp (_Buf1=0x5a4cf0, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.962] _memicmp (_Buf1=0x5a4d20, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.962] SetLastError (dwErrCode=0x7a) [0064.962] SetLastError (dwErrCode=0x0) [0064.962] SetLastError (dwErrCode=0x0) [0064.962] lstrlenW (lpString="'C") returned 2 [0064.962] lstrlenW (lpString="-/") returned 2 [0064.962] StrChrIW (lpStart="-/", wMatch=0x27) returned 0x0 [0064.962] SetLastError (dwErrCode=0x490) [0064.962] SetLastError (dwErrCode=0x490) [0064.962] SetLastError (dwErrCode=0x0) [0064.962] _memicmp (_Buf1=0x5a4cd8, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.962] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.962] GetProcessHeap () returned 0x590000 [0064.962] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ca8) returned 1 [0064.962] GetProcessHeap () returned 0x590000 [0064.962] RtlReAllocateHeap (Heap=0x590000, Flags=0xc, Ptr=0x5a4ca8, Size=0x78) returned 0x59f6f0 [0064.962] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.962] lstrlenW (lpString=" \x09") returned 2 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x27) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x27) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x3a) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0064.962] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x35) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x4e) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x47) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x4a) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x30) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x6a) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x20) returned=" \x09" [0064.963] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x4c) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x50) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x78) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x7a) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x44) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x6d) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x67) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x57) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0064.963] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x70) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x64) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x2e) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x78) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0064.964] StrChrW (lpStart=" \x09", wMatch=0x27) returned 0x0 [0064.964] GetLastError () returned 0x0 [0064.964] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.964] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0064.964] SetLastError (dwErrCode=0x0) [0064.964] GetProcessHeap () returned 0x590000 [0064.964] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a53d8 [0064.964] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.964] LoadStringW (in: hInstance=0x0, uID=0x20d, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="LIMITED") returned 0x7 [0064.964] lstrlenW (lpString="LIMITED") returned 7 [0064.964] GetProcessHeap () returned 0x590000 [0064.964] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4ca8 [0064.964] GetThreadLocale () returned 0x409 [0064.964] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="LIMITED", cchCount2=-1) returned 1 [0064.964] GetProcessHeap () returned 0x590000 [0064.964] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a53b8 [0064.964] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.964] LoadStringW (in: hInstance=0x0, uID=0x20e, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="HIGHEST") returned 0x7 [0064.964] lstrlenW (lpString="HIGHEST") returned 7 [0064.964] GetProcessHeap () returned 0x590000 [0064.964] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4d38 [0064.964] GetThreadLocale () returned 0x409 [0064.964] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="HIGHEST", cchCount1=-1, lpString2="HIGHEST", cchCount2=-1) returned 2 [0064.964] GetProcessHeap () returned 0x590000 [0064.964] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5398 [0064.964] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.965] LoadStringW (in: hInstance=0x0, uID=0x1ae, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="MINUTE") returned 0x6 [0064.965] lstrlenW (lpString="MINUTE") returned 6 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xe) returned 0x5a4d50 [0064.965] GetThreadLocale () returned 0x409 [0064.965] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="MINUTE", cchCount2=-1) returned 3 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5378 [0064.965] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.965] LoadStringW (in: hInstance=0x0, uID=0x1af, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="HOURLY") returned 0x6 [0064.965] lstrlenW (lpString="HOURLY") returned 6 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xe) returned 0x5a4d68 [0064.965] GetThreadLocale () returned 0x409 [0064.965] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="HOURLY", cchCount2=-1) returned 3 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5358 [0064.965] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.965] LoadStringW (in: hInstance=0x0, uID=0x1b0, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="DAILY") returned 0x5 [0064.965] lstrlenW (lpString="DAILY") returned 5 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xc) returned 0x5a4d80 [0064.965] GetThreadLocale () returned 0x409 [0064.965] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="DAILY", cchCount2=-1) returned 3 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a5338 [0064.965] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.965] LoadStringW (in: hInstance=0x0, uID=0x1b1, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="WEEKLY") returned 0x6 [0064.965] lstrlenW (lpString="WEEKLY") returned 6 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xe) returned 0x5a4d98 [0064.965] GetThreadLocale () returned 0x409 [0064.965] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="WEEKLY", cchCount2=-1) returned 1 [0064.965] GetProcessHeap () returned 0x590000 [0064.965] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x14) returned 0x5a52f8 [0064.965] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.965] LoadStringW (in: hInstance=0x0, uID=0x1b2, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="MONTHLY") returned 0x7 [0064.966] lstrlenW (lpString="MONTHLY") returned 7 [0064.966] GetProcessHeap () returned 0x590000 [0064.966] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x10) returned 0x5a4db0 [0064.966] GetThreadLocale () returned 0x409 [0064.966] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="MONTHLY", cchCount2=-1) returned 3 [0064.966] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.966] LoadStringW (in: hInstance=0x0, uID=0x1b3, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="ONCE") returned 0x4 [0064.966] lstrlenW (lpString="ONCE") returned 4 [0064.966] GetProcessHeap () returned 0x590000 [0064.966] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xa) returned 0x5a4dc8 [0064.966] GetThreadLocale () returned 0x409 [0064.966] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="ONCE", cchCount2=-1) returned 3 [0064.966] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.966] LoadStringW (in: hInstance=0x0, uID=0x1b4, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="ONSTART") returned 0x7 [0064.966] lstrlenW (lpString="ONSTART") returned 7 [0064.966] GetThreadLocale () returned 0x409 [0064.966] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="ONSTART", cchCount2=-1) returned 1 [0064.966] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.966] LoadStringW (in: hInstance=0x0, uID=0x1b5, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="ONLOGON") returned 0x7 [0064.966] lstrlenW (lpString="ONLOGON") returned 7 [0064.966] GetThreadLocale () returned 0x409 [0064.966] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="ONLOGON", cchCount1=-1, lpString2="ONLOGON", cchCount2=-1) returned 2 [0064.966] SetLastError (dwErrCode=0x0) [0064.966] GetProcessHeap () returned 0x590000 [0064.966] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x1fc) returned 0x5a69f0 [0064.966] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.966] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0064.966] lstrlenW (lpString="First") returned 5 [0064.966] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.966] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0064.966] lstrlenW (lpString="Second") returned 6 [0064.966] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.967] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0064.967] lstrlenW (lpString="Third") returned 5 [0064.967] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.967] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0064.967] lstrlenW (lpString="Fourth") returned 6 [0064.967] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0064.967] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0064.967] lstrlenW (lpString="Last") returned 4 [0065.000] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0065.000] LoadStringW (in: hInstance=0x0, uID=0x1d7, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="First") returned 0x5 [0065.000] lstrlenW (lpString="First") returned 5 [0065.000] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0065.000] LoadStringW (in: hInstance=0x0, uID=0x1d8, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Second") returned 0x6 [0065.000] lstrlenW (lpString="Second") returned 6 [0065.000] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0065.000] LoadStringW (in: hInstance=0x0, uID=0x1d9, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Third") returned 0x5 [0065.000] lstrlenW (lpString="Third") returned 5 [0065.000] GetProcessHeap () returned 0x590000 [0065.000] GetProcessHeap () returned 0x590000 [0065.000] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4dc8) returned 1 [0065.000] GetProcessHeap () returned 0x590000 [0065.000] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4dc8) returned 0xa [0065.000] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4dc8 | out: hHeap=0x590000) returned 1 [0065.000] GetProcessHeap () returned 0x590000 [0065.000] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0xc) returned 0x5a4dc8 [0065.000] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0065.000] LoadStringW (in: hInstance=0x0, uID=0x1da, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Fourth") returned 0x6 [0065.000] lstrlenW (lpString="Fourth") returned 6 [0065.001] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0065.001] LoadStringW (in: hInstance=0x0, uID=0x1db, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="Last") returned 0x4 [0065.001] lstrlenW (lpString="Last") returned 4 [0065.001] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0x14ca40, cchData=128 | out: lpLCData="0") returned 2 [0065.001] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0065.001] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0065.001] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0065.001] GetProcessHeap () returned 0x590000 [0065.001] GetProcessHeap () returned 0x590000 [0065.001] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ca8) returned 1 [0065.001] GetProcessHeap () returned 0x590000 [0065.001] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4ca8) returned 0x10 [0065.001] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ca8 | out: hHeap=0x590000) returned 1 [0065.001] GetProcessHeap () returned 0x590000 [0065.001] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x16) returned 0x5a5458 [0065.001] GetLocaleInfoW (in: Locale=0x400, LCType=0x21, lpLCData=0x14ca48, cchData=128 | out: lpLCData="0") returned 2 [0065.001] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0065.001] LoadStringW (in: hInstance=0x0, uID=0x19c, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="mm/dd/yyyy") returned 0xa [0065.001] lstrlenW (lpString="mm/dd/yyyy") returned 10 [0065.002] GetProcessHeap () returned 0x590000 [0065.002] GetProcessHeap () returned 0x590000 [0065.002] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d38) returned 1 [0065.002] GetProcessHeap () returned 0x590000 [0065.002] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4d38) returned 0x10 [0065.002] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d38 | out: hHeap=0x590000) returned 1 [0065.002] GetProcessHeap () returned 0x590000 [0065.002] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x16) returned 0x5a5478 [0065.002] GetLocalTime (in: lpSystemTime=0x14cbf8 | out: lpSystemTime=0x14cbf8*(wYear=0x7e4, wMonth=0x3, wDayOfWeek=0x2, wDay=0x3, wHour=0x2, wMinute=0x28, wSecond=0x0, wMilliseconds=0x3c1)) [0065.002] GetLocalTime (in: lpSystemTime=0x14d014 | out: lpSystemTime=0x14d014*(wYear=0x7e4, wMonth=0x3, wDayOfWeek=0x2, wDay=0x3, wHour=0x2, wMinute=0x28, wSecond=0x0, wMilliseconds=0x3c1)) [0065.002] lstrlenW (lpString="") returned 0 [0065.002] lstrlenW (lpString="") returned 0 [0065.002] lstrlenW (lpString="") returned 0 [0065.002] lstrlenW (lpString="") returned 0 [0065.002] lstrlenW (lpString="") returned 0 [0065.002] lstrlenW (lpString="") returned 0 [0065.002] lstrlenW (lpString="") returned 0 [0065.002] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0065.051] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0065.191] CoCreateInstance (in: rclsid=0xee230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xee20fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x14cfcc | out: ppv=0x14cfcc*=0x243e20) returned 0x0 [0065.391] TaskScheduler:ITaskService:Connect (This=0x243e20, serverName=0x14cf3c*(varType=0x8, wReserved1=0xcc8f, wReserved2=0xcfd0, wReserved3=0x14, varVal1=0x0, varVal2=0x14cfb4), user=0x14cf4c*(varType=0x0, wReserved1=0x76c1, wReserved2=0x1247, wReserved3=0x84e6, varVal1=0x14eaa8, varVal2=0x14deb8), domain=0x14cf5c*(varType=0x0, wReserved1=0x87a3, wReserved2=0xde80, wReserved3=0x14, varVal1=0xee994e, varVal2=0x14f4a4), password=0x14cf6c*(varType=0x0, wReserved1=0x77ca, wReserved2=0x3c, wReserved3=0x0, varVal1=0xcc8f8800, varVal2=0xffffffa3)) returned 0x0 [0065.486] TaskScheduler:IUnknown:AddRef (This=0x243e20) returned 0x2 [0065.486] TaskScheduler:ITaskService:GetFolder (in: This=0x243e20, Path=0x0, ppFolder=0x14d070 | out: ppFolder=0x14d070*=0x243e88) returned 0x0 [0065.490] TaskScheduler:ITaskService:NewTask (in: This=0x243e20, flags=0x0, ppDefinition=0x14d080 | out: ppDefinition=0x14d080*=0x243ec8) returned 0x0 [0065.493] ITaskDefinition:get_Actions (in: This=0x243ec8, ppActions=0x14cfcc | out: ppActions=0x14cfcc*=0x243f40) returned 0x0 [0065.493] IActionCollection:Create (in: This=0x243f40, Type=0, ppAction=0x14cfe4 | out: ppAction=0x14cfe4*=0x2428d8) returned 0x0 [0065.494] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0065.494] lstrlenW (lpString="'C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe'") returned 59 [0065.494] lstrlenW (lpString=" ") returned 1 [0065.494] StrChrW (lpStart=" ", wMatch=0x27) returned 0x0 [0065.494] StrChrW (lpStart=" ", wMatch=0x27) returned 0x0 [0065.494] StrChrW (lpStart=" ", wMatch=0x43) returned 0x0 [0065.494] StrChrW (lpStart=" ", wMatch=0x3a) returned 0x0 [0065.494] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0065.494] StrChrW (lpStart=" ", wMatch=0x55) returned 0x0 [0065.494] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0065.494] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x72) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x73) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x35) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x35) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x4e) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x72) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x47) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x4a) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x30) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x6a) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x53) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x20) returned=" " [0065.495] StrChrW (lpStart=" ", wMatch=0x48) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x4c) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x50) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x63) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x78) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x7a) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x41) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x44) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x52) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x6f) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x61) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x6d) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0065.495] StrChrW (lpStart=" ", wMatch=0x67) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x5c) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x57) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x69) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x6e) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x55) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x70) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x64) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x74) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x2e) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x78) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x65) returned 0x0 [0065.496] StrChrW (lpStart=" ", wMatch=0x27) returned 0x0 [0065.496] IUnknown:Release (This=0x2428d8) returned 0x1 [0065.496] IUnknown:Release (This=0x243f40) returned 0x1 [0065.496] ITaskDefinition:get_Triggers (in: This=0x243ec8, ppTriggers=0x14cbb8 | out: ppTriggers=0x14cbb8*=0x243f88) returned 0x0 [0065.496] ITriggerCollection:Create (in: This=0x243f88, Type=9, ppTrigger=0x14cbc4 | out: ppTrigger=0x14cbc4*=0x242918) returned 0x0 [0065.499] IUnknown:QueryInterface (in: This=0x242918, riid=0xee1528*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x14cbb0 | out: ppvObject=0x14cbb0*=0x242918) returned 0x0 [0065.499] IUnknown:Release (This=0x242918) returned 0x2 [0065.499] _vsnwprintf (in: _Buffer=0x14cb28, _BufferCount=0x1f, _Format="%04u-%02u-%02dT%02u:%02u:00", _ArgList=0x14cb10 | out: _Buffer="2020-03-03T02:40:00") returned 19 [0065.499] ITrigger:put_StartBoundary (This=0x242918, StartBoundary="2020-03-03T02:40:00") returned 0x0 [0065.499] lstrlenW (lpString="") returned 0 [0065.499] lstrlenW (lpString="") returned 0 [0065.499] lstrlenW (lpString="") returned 0 [0065.499] lstrlenW (lpString="") returned 0 [0065.499] IUnknown:Release (This=0x242918) returned 0x1 [0065.499] IUnknown:Release (This=0x243f88) returned 0x1 [0065.499] ITaskDefinition:get_Settings (in: This=0x243ec8, ppSettings=0x14cfd4 | out: ppSettings=0x14cfd4*=0x242798) returned 0x0 [0065.499] lstrlenW (lpString="") returned 0 [0065.499] IUnknown:Release (This=0x242798) returned 0x1 [0065.499] GetLocalTime (in: lpSystemTime=0x14cec4 | out: lpSystemTime=0x14cec4*(wYear=0x7e4, wMonth=0x3, wDayOfWeek=0x2, wDay=0x3, wHour=0x2, wMinute=0x28, wSecond=0x1, wMilliseconds=0x140)) [0065.500] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0065.500] GetProcAddress (hModule=0x77710000, lpProcName="GetUserNameW") returned 0x7772157a [0065.500] GetUserNameW (in: lpBuffer=0x14ced8, pcbBuffer=0x14cec0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x14cec0) returned 1 [0065.500] ITaskDefinition:get_RegistrationInfo (in: This=0x243ec8, ppRegistrationInfo=0x14ced4 | out: ppRegistrationInfo=0x14ced4*=0x242728) returned 0x0 [0065.500] IRegistrationInfo:put_Author (This=0x242728, Author="5p5NrGJn0jS HALPmcxz") returned 0x0 [0065.500] _vsnwprintf (in: _Buffer=0x14ced8, _BufferCount=0x7f, _Format="%d-%02d-%02dT%02d:%02d:%02d", _ArgList=0x14ce98 | out: _Buffer="2020-03-03T02:40:01") returned 19 [0065.500] IRegistrationInfo:put_Date (This=0x242728, Date="2020-03-03T02:40:01") returned 0x0 [0065.500] IUnknown:Release (This=0x242728) returned 0x1 [0065.501] malloc (_Size=0xc) returned 0x2429a0 [0065.501] free (_Block=0x2429a0) [0065.501] lstrlenW (lpString="") returned 0 [0065.501] ITaskDefinition:get_Principal (in: This=0x243ec8, ppPrincipal=0x14d078 | out: ppPrincipal=0x14d078*=0x242878) returned 0x0 [0065.501] IPrincipal:put_RunLevel (This=0x242878, RunLevel=1) returned 0x0 [0065.501] IUnknown:Release (This=0x242878) returned 0x1 [0065.501] malloc (_Size=0xc) returned 0x2429a0 [0065.501] ITaskFolder:RegisterTaskDefinition (in: This=0x243e88, Path="'WinUpdt'", pDefinition=0x243ec8, flags=6, UserId=0x14cfbc*(varType=0x0, wReserved1=0x0, wReserved2=0x4150, wReserved3=0x5352, varVal1=0x325245, varVal2=0x1), password=0x14cfcc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=3, sddl=0x14cfe0*(varType=0x0, wReserved1=0x0, wReserved2=0xcc68, wReserved3=0x14, varVal1=0x0, varVal2=0x0), ppTask=0x14d06c | out: ppTask=0x14d06c*=0x243fe8) returned 0x0 [0066.485] free (_Block=0x2429a0) [0066.485] _memicmp (_Buf1=0x5a4c78, _Buf2=0xee1ed8, _Size=0x7) returned 0 [0066.485] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x5a66d8, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40 [0066.485] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64 [0066.485] GetProcessHeap () returned 0x590000 [0066.485] GetProcessHeap () returned 0x590000 [0066.485] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d50) returned 1 [0066.485] GetProcessHeap () returned 0x590000 [0066.485] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4d50) returned 0xe [0066.485] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d50 | out: hHeap=0x590000) returned 1 [0066.485] GetProcessHeap () returned 0x590000 [0066.485] RtlAllocateHeap (HeapHandle=0x590000, Flags=0xc, Size=0x82) returned 0x5b48d0 [0066.485] _vsnwprintf (in: _Buffer=0x14d484, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0x14cff0 | out: _Buffer="SUCCESS: The scheduled task \"'WinUpdt'\" has successfully been created.\n") returned 71 [0066.485] _fileno (_File=0x77032920) returned 1 [0066.485] _errno () returned 0x2407d8 [0066.485] _get_osfhandle (_FileHandle=1) returned 0x7 [0066.485] _errno () returned 0x2407d8 [0066.485] GetFileType (hFile=0x7) returned 0x2 [0066.486] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0066.486] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x14cfb4 | out: lpMode=0x14cfb4) returned 1 [0066.486] __iob_func () returned 0x77032900 [0066.486] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0066.486] lstrlenW (lpString="SUCCESS: The scheduled task \"'WinUpdt'\" has successfully been created.\n") returned 71 [0066.486] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x14d484*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0x14cfdc, lpReserved=0x0 | out: lpBuffer=0x14d484*, lpNumberOfCharsWritten=0x14cfdc*=0x47) returned 1 [0066.487] IUnknown:Release (This=0x243fe8) returned 0x0 [0066.487] TaskScheduler:IUnknown:Release (This=0x243ec8) returned 0x0 [0066.489] TaskScheduler:IUnknown:Release (This=0x243e88) returned 0x0 [0066.489] TaskScheduler:IUnknown:Release (This=0x243e20) returned 0x1 [0066.489] lstrlenW (lpString="") returned 0 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a69f0) returned 1 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a69f0) returned 0x1fc [0066.489] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a69f0 | out: hHeap=0x590000) returned 1 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5418) returned 1 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5418) returned 0x16 [0066.489] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5418 | out: hHeap=0x590000) returned 1 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4b88) returned 1 [0066.489] GetProcessHeap () returned 0x590000 [0066.489] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4b88) returned 0x10 [0066.489] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4b88 | out: hHeap=0x590000) returned 1 [0066.489] GetProcessHeap () returned 0x590000 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5438) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5438) returned 0x14 [0066.490] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5438 | out: hHeap=0x590000) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6630) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6630) returned 0xa0 [0066.490] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6630 | out: hHeap=0x590000) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c60) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4c60) returned 0x10 [0066.490] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c60 | out: hHeap=0x590000) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5258) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5258) returned 0x14 [0066.490] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5258 | out: hHeap=0x590000) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x59f6f0) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x59f6f0) returned 0x78 [0066.490] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x59f6f0 | out: hHeap=0x590000) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cd8) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.490] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4cd8) returned 0x10 [0066.490] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cd8 | out: hHeap=0x590000) returned 1 [0066.490] GetProcessHeap () returned 0x590000 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5238) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5238) returned 0x14 [0066.491] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5238 | out: hHeap=0x590000) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6968) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6968) returned 0x7a [0066.491] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6968 | out: hHeap=0x590000) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d20) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4d20) returned 0x10 [0066.491] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d20 | out: hHeap=0x590000) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5218) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5218) returned 0x14 [0066.491] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5218 | out: hHeap=0x590000) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d08) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4d08) returned 0xe [0066.491] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d08 | out: hHeap=0x590000) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cf0) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4cf0) returned 0x10 [0066.491] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cf0 | out: hHeap=0x590000) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a51f8) returned 1 [0066.491] GetProcessHeap () returned 0x590000 [0066.491] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a51f8) returned 0x14 [0066.492] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a51f8 | out: hHeap=0x590000) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5a40) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5a40) returned 0x208 [0066.492] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5a40 | out: hHeap=0x590000) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c00) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4c00) returned 0x10 [0066.492] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c00 | out: hHeap=0x590000) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a51b8) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a51b8) returned 0x14 [0066.492] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a51b8 | out: hHeap=0x590000) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a66d8) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a66d8) returned 0x200 [0066.492] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a66d8 | out: hHeap=0x590000) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c78) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4c78) returned 0x10 [0066.492] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c78 | out: hHeap=0x590000) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5158) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5158) returned 0x14 [0066.492] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5158 | out: hHeap=0x590000) returned 1 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] GetProcessHeap () returned 0x590000 [0066.492] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52d8) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a52d8) returned 0x14 [0066.493] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52d8 | out: hHeap=0x590000) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cc0) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4cc0) returned 0x10 [0066.493] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4cc0 | out: hHeap=0x590000) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a50d8) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a50d8) returned 0x14 [0066.493] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a50d8 | out: hHeap=0x590000) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5318) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5318) returned 0x16 [0066.493] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5318 | out: hHeap=0x590000) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c90) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4c90) returned 0x10 [0066.493] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4c90 | out: hHeap=0x590000) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a50a0) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a50a0) returned 0x14 [0066.493] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a50a0 | out: hHeap=0x590000) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4f70) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.493] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4f70) returned 0x2 [0066.493] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4f70 | out: hHeap=0x590000) returned 1 [0066.493] GetProcessHeap () returned 0x590000 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4f80) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4f80) returned 0x14 [0066.494] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4f80 | out: hHeap=0x590000) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4fa0) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4fa0) returned 0x14 [0066.494] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4fa0 | out: hHeap=0x590000) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4fc0) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4fc0) returned 0x14 [0066.494] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4fc0 | out: hHeap=0x590000) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4fe0) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4fe0) returned 0x14 [0066.494] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4fe0 | out: hHeap=0x590000) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5278) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5278) returned 0x14 [0066.494] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5278 | out: hHeap=0x590000) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4dc8) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4dc8) returned 0xc [0066.494] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4dc8 | out: hHeap=0x590000) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5298) returned 1 [0066.494] GetProcessHeap () returned 0x590000 [0066.494] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5298) returned 0x14 [0066.495] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5298 | out: hHeap=0x590000) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a68e0) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a68e0) returned 0x30 [0066.495] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a68e0 | out: hHeap=0x590000) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52b8) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a52b8) returned 0x14 [0066.495] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52b8 | out: hHeap=0x590000) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6918) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a6918) returned 0x30 [0066.495] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a6918 | out: hHeap=0x590000) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53f8) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a53f8) returned 0x14 [0066.495] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53f8 | out: hHeap=0x590000) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5458) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5458) returned 0x16 [0066.495] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5458 | out: hHeap=0x590000) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53d8) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.495] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a53d8) returned 0x14 [0066.495] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53d8 | out: hHeap=0x590000) returned 1 [0066.495] GetProcessHeap () returned 0x590000 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5478) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5478) returned 0x16 [0066.496] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5478 | out: hHeap=0x590000) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53b8) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a53b8) returned 0x14 [0066.496] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a53b8 | out: hHeap=0x590000) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5b48d0) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5b48d0) returned 0x82 [0066.496] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5b48d0 | out: hHeap=0x590000) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5398) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5398) returned 0x14 [0066.496] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5398 | out: hHeap=0x590000) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d68) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4d68) returned 0xe [0066.496] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d68 | out: hHeap=0x590000) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5378) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5378) returned 0x14 [0066.496] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5378 | out: hHeap=0x590000) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d80) returned 1 [0066.496] GetProcessHeap () returned 0x590000 [0066.496] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4d80) returned 0xc [0066.496] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d80 | out: hHeap=0x590000) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5358) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5358) returned 0x14 [0066.497] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5358 | out: hHeap=0x590000) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d98) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4d98) returned 0xe [0066.497] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4d98 | out: hHeap=0x590000) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5338) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5338) returned 0x14 [0066.497] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5338 | out: hHeap=0x590000) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4db0) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4db0) returned 0x10 [0066.497] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4db0 | out: hHeap=0x590000) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52f8) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a52f8) returned 0x14 [0066.497] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a52f8 | out: hHeap=0x590000) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4bb8) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.497] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4bb8) returned 0x10 [0066.497] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4bb8 | out: hHeap=0x590000) returned 1 [0066.497] GetProcessHeap () returned 0x590000 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5000) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5000) returned 0x14 [0066.498] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5000 | out: hHeap=0x590000) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5020) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5020) returned 0x14 [0066.498] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5020 | out: hHeap=0x590000) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5040) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5040) returned 0x14 [0066.498] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5040 | out: hHeap=0x590000) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5060) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5060) returned 0x14 [0066.498] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5060 | out: hHeap=0x590000) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4bd0) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4bd0) returned 0x10 [0066.498] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4bd0 | out: hHeap=0x590000) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5080) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5080) returned 0x14 [0066.498] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5080 | out: hHeap=0x590000) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a50f8) returned 1 [0066.498] GetProcessHeap () returned 0x590000 [0066.498] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a50f8) returned 0x14 [0066.499] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a50f8 | out: hHeap=0x590000) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5138) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5138) returned 0x14 [0066.499] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5138 | out: hHeap=0x590000) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5178) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5178) returned 0x14 [0066.499] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5178 | out: hHeap=0x590000) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5198) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5198) returned 0x14 [0066.499] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5198 | out: hHeap=0x590000) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4be8) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4be8) returned 0x10 [0066.499] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4be8 | out: hHeap=0x590000) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5118) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a5118) returned 0x14 [0066.499] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a5118 | out: hHeap=0x590000) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] HeapValidate (hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ba0) returned 1 [0066.499] GetProcessHeap () returned 0x590000 [0066.499] RtlSizeHeap (HeapHandle=0x590000, Flags=0x0, MemoryPointer=0x5a4ba0) returned 0x10 [0066.499] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5a4ba0 | out: hHeap=0x590000) returned 1 [0066.500] exit (_Code=0) Thread: id = 99 os_tid = 0x888 Process: id = "7" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x76a3f000" os_pid = "0x588" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "6" os_parent_pid = "0x370" cmd_line = "taskeng.exe {4568F795-B030-4E70-B052-419BC1469E0B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 100 os_tid = 0x54c Thread: id = 101 os_tid = 0x5b4 Thread: id = 102 os_tid = 0x5b0 Thread: id = 103 os_tid = 0x59c Thread: id = 104 os_tid = 0x594 Thread: id = 105 os_tid = 0x58c Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 120 os_tid = 0x648 Thread: id = 121 os_tid = 0x638 Thread: id = 122 os_tid = 0x554 Thread: id = 123 os_tid = 0x720 Thread: id = 124 os_tid = 0x668 Thread: id = 125 os_tid = 0x65c Thread: id = 126 os_tid = 0x144 Thread: id = 127 os_tid = 0x110 Thread: id = 128 os_tid = 0x3f0 Thread: id = 129 os_tid = 0x3ec Thread: id = 130 os_tid = 0x3e4 Thread: id = 131 os_tid = 0x3e0 Thread: id = 132 os_tid = 0x3d0 Thread: id = 133 os_tid = 0x3cc Thread: id = 134 os_tid = 0x398 Thread: id = 135 os_tid = 0x394 Thread: id = 136 os_tid = 0x384 Thread: id = 137 os_tid = 0x380 Thread: id = 138 os_tid = 0x350 Thread: id = 139 os_tid = 0x33c Thread: id = 147 os_tid = 0x57c Thread: id = 150 os_tid = 0x88c Process: id = "9" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x75849000" os_pid = "0x610" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "6" os_parent_pid = "0x370" cmd_line = "taskeng.exe {081EE9C0-B31D-4E29-8639-50107722212D} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e2f4" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 153 os_tid = 0x614 Thread: id = 154 os_tid = 0x624 Thread: id = 155 os_tid = 0x628 Thread: id = 156 os_tid = 0x644 Thread: id = 157 os_tid = 0x64c Thread: id = 158 os_tid = 0x650 Thread: id = 159 os_tid = 0x65c Thread: id = 298 os_tid = 0x7c4 Process: id = "10" image_name = "winupdt.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe" page_root = "0x75960000" os_pid = "0x670" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x610" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e2f4" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 194 os_tid = 0x674 [0132.475] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0137.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x3feaa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0137.534] IsAppThemed () returned 0x1 [0137.536] CoTaskMemAlloc (cb=0xf0) returned 0x5499a0 [0137.537] CreateActCtxA (pActCtx=0x3fefa4) returned 0x549b94 [0137.661] CoTaskMemFree (pv=0x5499a0) [0137.727] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc11f [0137.727] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc120 [0137.744] GetUserNameW (in: lpBuffer=0x3fede4, pcbBuffer=0x3ff05c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x3ff05c) returned 1 [0137.749] GetComputerNameW (in: lpBuffer=0x3fede4, nSize=0x3ff05c | out: lpBuffer="XDUWTFONO", nSize=0x3ff05c) returned 1 [0137.750] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x3feedc, nSize=0x80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2d [0137.808] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0137.811] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74bd0000 [0137.892] AdjustWindowRectEx (in: lpRect=0x3feffc, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50081 | out: lpRect=0x3feffc) returned 1 [0137.894] GetCurrentProcess () returned 0xffffffff [0137.895] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3fef14, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3fef14*=0x20c) returned 1 [0137.910] GetCurrentActCtx (in: lphActCtx=0x3fee74 | out: lphActCtx=0x3fee74*=0x0) returned 1 [0137.910] ActivateActCtx (in: hActCtx=0x549b94, lpCookie=0x3fee84 | out: hActCtx=0x549b94, lpCookie=0x3fee84) returned 1 [0137.910] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0137.918] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x74a30000 [0137.928] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77260000 [0137.928] GetProcAddress (hModule=0x77260000, lpProcName="DefWindowProcW") returned 0x77d625dd [0137.929] GetStockObject (i=5) returned 0x1900015 [0137.968] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0137.971] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0137.971] RegisterClassW (lpWndClass=0x3fed2c) returned 0xc121 [0137.972] CoTaskMemFree (pv=0x555998) [0137.973] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0137.973] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0xb10000, lpParam=0x0) returned 0x1014e [0137.975] SetWindowLongW (hWnd=0x1014e, nIndex=-4, dwNewLong=2010523101) returned 78645286 [0137.976] GetWindowLongW (hWnd=0x1014e, nIndex=-4) returned 2010523101 [0138.158] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe63c | out: phkResult=0x3fe63c*=0x224) returned 0x0 [0138.159] RegQueryValueExW (in: hKey=0x224, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x3fe65c, lpData=0x0, lpcbData=0x3fe658*=0x0 | out: lpType=0x3fe65c*=0x0, lpData=0x0, lpcbData=0x3fe658*=0x0) returned 0x2 [0138.159] RegQueryValueExW (in: hKey=0x224, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x3fe65c, lpData=0x0, lpcbData=0x3fe658*=0x0 | out: lpType=0x3fe65c*=0x0, lpData=0x0, lpcbData=0x3fe658*=0x0) returned 0x2 [0138.159] RegCloseKey (hKey=0x224) returned 0x0 [0138.162] SetWindowLongW (hWnd=0x1014e, nIndex=-4, dwNewLong=78645326) returned 2010523101 [0138.162] GetWindowLongW (hWnd=0x1014e, nIndex=-4) returned 78645326 [0138.162] GetWindowLongW (hWnd=0x1014e, nIndex=-16) returned 113311744 [0138.164] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc122 [0138.164] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc123 [0138.164] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1014e, Msg=0x81, wParam=0x0, lParam=0x3fe908) returned 0x1 [0138.165] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1014e, Msg=0x83, wParam=0x0, lParam=0x3fe8f4) returned 0x0 [0138.165] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1014e, Msg=0x1, wParam=0x0, lParam=0x3fe908) returned 0x0 [0138.166] GetClientRect (in: hWnd=0x1014e, lpRect=0x3fe670 | out: lpRect=0x3fe670) returned 1 [0138.166] GetWindowRect (in: hWnd=0x1014e, lpRect=0x3fe670 | out: lpRect=0x3fe670) returned 1 [0138.167] GetParent (hWnd=0x1014e) returned 0x0 [0138.168] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1c320001) returned 1 [0138.234] EtwEventRegister () returned 0x0 [0138.245] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74bd0000 [0138.245] AdjustWindowRectEx (in: lpRect=0x3fefb4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3fefb4) returned 1 [0138.245] GetSystemMetrics (nIndex=59) returned 1460 [0138.245] GetSystemMetrics (nIndex=60) returned 920 [0138.245] GetSystemMetrics (nIndex=34) returned 132 [0138.245] GetSystemMetrics (nIndex=35) returned 38 [0138.246] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74bd0000 [0138.246] AdjustWindowRectEx (in: lpRect=0x3feeb4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3feeb4) returned 1 [0138.251] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x3fe8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0138.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fed4c) returned 1 [0138.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3fedc8 | out: lpFileInformation=0x3fedc8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0138.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fed48) returned 1 [0138.711] GetSystemMetrics (nIndex=11) returned 32 [0138.712] GetSystemMetrics (nIndex=12) returned 32 [0138.713] GetDC (hWnd=0x0) returned 0x3f010787 [0138.717] GetDeviceCaps (hdc=0x3f010787, index=12) returned 32 [0138.717] GetDeviceCaps (hdc=0x3f010787, index=14) returned 1 [0138.718] ReleaseDC (hWnd=0x0, hDC=0x3f010787) returned 1 [0138.718] CreateIconFromResourceEx (presbits=0x24b9fc8, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x2013b [0138.724] CreateCompatibleDC (hdc=0x0) returned 0x3e0101f8 [0138.726] GetSystemDefaultLCID () returned 0x409 [0138.726] GetStockObject (i=17) returned 0x18a0025 [0138.730] GetObjectW (in: h=0x18a0025, c=92, pv=0x3fed0c | out: pv=0x3fed0c) returned 92 [0138.731] GetDC (hWnd=0x0) returned 0x3f010787 [0138.837] GdiplusStartup (in: token=0x126fc0, input=0x3fe2d8, output=0x3fe328 | out: token=0x126fc0, output=0x3fe328) returned 0x0 [0138.860] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0138.866] GdipCreateFontFromLogfontW (hdc=0x3f010787, logfont=0x555998, font=0x3fedd4) returned 0x0 [0139.002] CoTaskMemFree (pv=0x555998) [0139.003] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0139.003] CoTaskMemFree (pv=0x555998) [0139.004] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0139.004] CoTaskMemFree (pv=0x555998) [0139.005] GdipGetFontUnit (font=0x48b2230, unit=0x3feda0) returned 0x0 [0139.005] GdipGetFontSize (font=0x48b2230, size=0x3feda4) returned 0x0 [0139.005] GdipGetFontStyle (font=0x48b2230, style=0x3fed9c) returned 0x0 [0139.006] GdipGetFamily (font=0x48b2230, family=0x3fed98) returned 0x0 [0139.007] GdipGetFontSize (font=0x48b2230, size=0x24bb56c) returned 0x0 [0139.007] ReleaseDC (hWnd=0x0, hDC=0x3f010787) returned 1 [0139.007] GetDC (hWnd=0x0) returned 0x40101b8 [0139.009] GdipCreateFromHDC (hdc=0x40101b8, graphics=0x3fedc0) returned 0x0 [0139.011] GdipGetDpiY (graphics=0x4b9fcf0, dpi=0x24bb674) returned 0x0 [0139.011] GdipGetFontHeight (font=0x48b2230, graphics=0x4b9fcf0, height=0x3fedb8) returned 0x0 [0139.012] GdipGetEmHeight (family=0x48bf6b8, style=0, EmHeight=0x3fedc0) returned 0x0 [0139.012] GdipGetLineSpacing (family=0x48bf6b8, style=0, LineSpacing=0x3fedc0) returned 0x0 [0139.013] GdipDeleteGraphics (graphics=0x4b9fcf0) returned 0x0 [0139.013] ReleaseDC (hWnd=0x0, hDC=0x40101b8) returned 1 [0139.014] GdipCreateFont (fontFamily=0x48bf6b8, emSize=0x41040000, style=0, unit=0x3, font=0x24bb634) returned 0x0 [0139.014] GdipGetFontSize (font=0x4bf2940, size=0x24bb638) returned 0x0 [0139.015] GdipDeleteFont (font=0x48b2230) returned 0x0 [0139.016] GetDC (hWnd=0x0) returned 0x40101b8 [0139.016] GdipCreateFromHDC (hdc=0x40101b8, graphics=0x3fede4) returned 0x0 [0139.017] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0139.017] GdipGetLogFontW (font=0x4bf2940, graphics=0x4b9fcf0, logfontW=0x555998) returned 0x0 [0139.018] CoTaskMemFree (pv=0x555998) [0139.018] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0139.018] CoTaskMemFree (pv=0x555998) [0139.018] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0139.018] CoTaskMemFree (pv=0x555998) [0139.019] GdipDeleteGraphics (graphics=0x4b9fcf0) returned 0x0 [0139.019] ReleaseDC (hWnd=0x0, hDC=0x40101b8) returned 1 [0139.019] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0139.019] CreateFontIndirectW (lplf=0x555998) returned 0xa0a01e8 [0139.020] CoTaskMemFree (pv=0x555998) [0139.020] SelectObject (hdc=0x3e0101f8, h=0xa0a01e8) returned 0x18a002e [0139.020] GetTextMetricsW (in: hdc=0x3e0101f8, lptm=0x3feef0 | out: lptm=0x3feef0) returned 1 [0139.021] GetTextExtentPoint32W (in: hdc=0x3e0101f8, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x24bb890 | out: psizl=0x24bb890) returned 1 [0139.024] SelectObject (hdc=0x3e0101f8, h=0x18a002e) returned 0xa0a01e8 [0139.026] DeleteDC (hdc=0x3e0101f8) returned 1 [0139.026] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74bd0000 [0139.026] AdjustWindowRectEx (in: lpRect=0x3fec58, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3fec58) returned 1 [0139.026] AdjustWindowRectEx (in: lpRect=0x3fee7c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3fee7c) returned 1 [0139.027] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74bd0000 [0139.027] AdjustWindowRectEx (in: lpRect=0x3febd0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3febd0) returned 1 [0139.027] AdjustWindowRectEx (in: lpRect=0x3fecb4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3fecb4) returned 1 [0139.030] GetSystemMetrics (nIndex=59) returned 1460 [0139.030] GetSystemMetrics (nIndex=60) returned 920 [0139.030] GetSystemMetrics (nIndex=34) returned 132 [0139.030] GetSystemMetrics (nIndex=35) returned 38 [0139.031] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74bd0000 [0139.031] AdjustWindowRectEx (in: lpRect=0x3feb60, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3feb60) returned 1 [0139.031] AdjustWindowRectEx (in: lpRect=0x3fec28, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0x3fec28) returned 1 [0139.031] GetCurrentActCtx (in: lphActCtx=0x3ff018 | out: lphActCtx=0x3ff018*=0x0) returned 1 [0139.031] ActivateActCtx (in: hActCtx=0x549b94, lpCookie=0x3ff028 | out: hActCtx=0x549b94, lpCookie=0x3ff028) returned 1 [0139.035] GetCurrentActCtx (in: lphActCtx=0x3fee38 | out: lphActCtx=0x3fee38*=0x549b94) returned 1 [0139.035] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74a30000 [0139.035] AdjustWindowRectEx (in: lpRect=0x3fed98, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3fed98) returned 1 [0139.035] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0139.035] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0xb10000, lpParam=0x0) returned 0x10154 [0139.035] SetWindowLongW (hWnd=0x10154, nIndex=-4, dwNewLong=2010523101) returned 78645286 [0139.035] GetWindowLongW (hWnd=0x10154, nIndex=-4) returned 2010523101 [0139.036] SetWindowLongW (hWnd=0x10154, nIndex=-4, dwNewLong=78645406) returned 2010523101 [0139.036] GetWindowLongW (hWnd=0x10154, nIndex=-4) returned 78645406 [0139.036] GetWindowLongW (hWnd=0x10154, nIndex=-16) returned 114229248 [0139.036] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x81, wParam=0x0, lParam=0x3fe8cc) returned 0x1 [0139.037] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x83, wParam=0x0, lParam=0x3fe8b8) returned 0x0 [0139.041] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x1, wParam=0x0, lParam=0x3fe8cc) returned 0x0 [0139.041] GetClientRect (in: hWnd=0x10154, lpRect=0x3fe604 | out: lpRect=0x3fe604) returned 1 [0139.041] GetWindowRect (in: hWnd=0x10154, lpRect=0x3fe604 | out: lpRect=0x3fe604) returned 1 [0139.043] SetWindowTextW (hWnd=0x10154, lpString="no reason") returned 1 [0139.043] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xc, wParam=0x0, lParam=0x24a64f0) returned 0x1 [0139.062] GetUserObjectInformationA (in: hObj=0x5c, nIndex=1, pvInfo=0x24bbe2c, nLength=0xc, lpnLengthNeeded=0x3fe504 | out: pvInfo=0x24bbe2c, lpnLengthNeeded=0x3fe504) returned 1 [0139.067] SetConsoleCtrlHandler (HandlerRoutine=0x4b008c6, Add=1) returned 1 [0139.068] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0139.068] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0139.070] GetClassInfoW (in: hInstance=0xb10000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x24bbe90 | out: lpWndClass=0x24bbe90) returned 0 [0139.073] CoTaskMemAlloc (cb=0x58) returned 0x5548f8 [0139.073] RegisterClassW (lpWndClass=0x3fe454) returned 0xc125 [0139.074] CoTaskMemFree (pv=0x5548f8) [0139.075] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xb10000, lpParam=0x0) returned 0x10158 [0139.075] NtdllDefWindowProc_W () returned 0x0 [0139.076] NtdllDefWindowProc_W () returned 0x0 [0139.076] NtdllDefWindowProc_W () returned 0x0 [0139.076] NtdllDefWindowProc_W () returned 0x0 [0139.084] GetStartupInfoW (in: lpStartupInfo=0x24bc210 | out: lpStartupInfo=0x24bc210*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0139.084] GetParent (hWnd=0x10154) returned 0x0 [0139.084] SetWindowLongW (hWnd=0x10154, nIndex=-8, dwNewLong=0) returned 0 [0139.084] GetSystemMetrics (nIndex=49) returned 16 [0139.084] GetSystemMetrics (nIndex=50) returned 16 [0139.085] CreateIconFromResourceEx (presbits=0x24bc290, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x10155 [0139.086] SendMessageW (hWnd=0x10154, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0139.086] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0139.087] SendMessageW (hWnd=0x10154, Msg=0x80, wParam=0x1, lParam=0x2013b) returned 0x0 [0139.087] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x80, wParam=0x1, lParam=0x2013b) returned 0x0 [0139.117] GetSystemMenu (hWnd=0x10154, bRevert=0) returned 0x1015d [0139.117] GetWindowPlacement (in: hWnd=0x10154, lpwndpl=0x3fee48 | out: lpwndpl=0x3fee48) returned 1 [0139.117] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0139.118] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0139.118] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0139.118] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0139.118] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0139.118] GetClientRect (in: hWnd=0x10154, lpRect=0x3fee8c | out: lpRect=0x3fee8c) returned 1 [0139.118] GetClientRect (in: hWnd=0x10154, lpRect=0x3fedec | out: lpRect=0x3fedec) returned 1 [0139.118] GetWindowRect (in: hWnd=0x10154, lpRect=0x3fedec | out: lpRect=0x3fedec) returned 1 [0139.118] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74a30000 [0139.118] GetWindowLongW (hWnd=0x10154, nIndex=-16) returned 114229248 [0139.119] GetWindowTextLengthW (hWnd=0x10154) returned 9 [0139.119] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.119] GetSystemMetrics (nIndex=42) returned 0 [0139.119] GetWindowTextW (in: hWnd=0x10154, lpString=0x3fed84, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.119] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xd, wParam=0xa, lParam=0x3fed84) returned 0x9 [0139.120] GetWindowTextLengthW (hWnd=0x10154) returned 9 [0139.120] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.120] GetSystemMetrics (nIndex=42) returned 0 [0139.120] GetWindowTextW (in: hWnd=0x10154, lpString=0x3fed84, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.120] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xd, wParam=0xa, lParam=0x3fed84) returned 0x9 [0139.120] GetWindowLongW (hWnd=0x10154, nIndex=-16) returned 114229248 [0139.120] GetWindowLongW (hWnd=0x10154, nIndex=-20) returned 328064 [0139.120] SetWindowLongW (hWnd=0x10154, nIndex=-16, dwNewLong=47120384) returned 114229248 [0139.120] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7c, wParam=0xfffffff0, lParam=0x3fede0) returned 0x0 [0139.120] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7d, wParam=0xfffffff0, lParam=0x3fede0) returned 0x0 [0139.121] SetWindowLongW (hWnd=0x10154, nIndex=-20, dwNewLong=327808) returned 328064 [0139.121] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7c, wParam=0xffffffec, lParam=0x3fede0) returned 0x0 [0139.121] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7d, wParam=0xffffffec, lParam=0x3fede0) returned 0x0 [0139.121] SetWindowPos (hWnd=0x10154, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0139.121] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x46, wParam=0x0, lParam=0x3fee00) returned 0x0 [0139.122] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x83, wParam=0x1, lParam=0x3fedd8) returned 0x0 [0139.122] GetWindowPlacement (in: hWnd=0x10154, lpwndpl=0x3febb0 | out: lpwndpl=0x3febb0) returned 1 [0139.122] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x47, wParam=0x0, lParam=0x3fee00) returned 0x0 [0139.123] GetClientRect (in: hWnd=0x10154, lpRect=0x3feb60 | out: lpRect=0x3feb60) returned 1 [0139.123] GetWindowRect (in: hWnd=0x10154, lpRect=0x3feb60 | out: lpRect=0x3feb60) returned 1 [0139.123] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x83, wParam=0x1, lParam=0x3fe9e4) returned 0x0 [0139.124] RedrawWindow (hWnd=0x10154, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0139.124] GetSystemMenu (hWnd=0x10154, bRevert=0) returned 0x1015d [0139.124] GetWindowPlacement (in: hWnd=0x10154, lpwndpl=0x3fee38 | out: lpwndpl=0x3fee38) returned 1 [0139.124] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0139.124] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0139.124] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0139.124] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0139.124] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0139.124] ShowWindow (hWnd=0x10154, nCmdShow=5) [0139.124] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0139.125] GetWindowTextLengthW (hWnd=0x10154) returned 9 [0139.125] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.125] GetSystemMetrics (nIndex=42) returned 0 [0139.125] GetWindowTextW (in: hWnd=0x10154, lpString=0x3feaa8, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.125] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xd, wParam=0xa, lParam=0x3feaa8) returned 0x9 [0139.134] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74a30000 [0139.134] GetWindowLongW (hWnd=0x10154, nIndex=-16) returned 114229248 [0139.134] GetWindowTextLengthW (hWnd=0x10154) returned 9 [0139.134] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.134] GetSystemMetrics (nIndex=42) returned 0 [0139.134] GetWindowTextW (in: hWnd=0x10154, lpString=0x3fe9a8, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.134] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xd, wParam=0xa, lParam=0x3fe9a8) returned 0x9 [0139.134] GetWindowTextLengthW (hWnd=0x10154) returned 9 [0139.134] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.134] GetSystemMetrics (nIndex=42) returned 0 [0139.134] GetWindowTextW (in: hWnd=0x10154, lpString=0x3fe9a8, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.134] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xd, wParam=0xa, lParam=0x3fe9a8) returned 0x9 [0139.134] GetWindowLongW (hWnd=0x10154, nIndex=-16) returned 114229248 [0139.134] GetWindowLongW (hWnd=0x10154, nIndex=-20) returned 328064 [0139.134] SetWindowLongW (hWnd=0x10154, nIndex=-16, dwNewLong=315555840) returned 114229248 [0139.135] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7c, wParam=0xfffffff0, lParam=0x3fea04) returned 0x0 [0139.135] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7d, wParam=0xfffffff0, lParam=0x3fea04) returned 0x0 [0139.135] SetWindowLongW (hWnd=0x10154, nIndex=-20, dwNewLong=852096) returned 328064 [0139.135] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7c, wParam=0xffffffec, lParam=0x3fea04) returned 0x0 [0139.143] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x7d, wParam=0xffffffec, lParam=0x3fea04) returned 0x0 [0139.143] SetWindowPos (hWnd=0x10154, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0139.143] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x46, wParam=0x0, lParam=0x3fea24) returned 0x0 [0139.144] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x83, wParam=0x1, lParam=0x3fe9fc) returned 0x0 [0139.145] GetWindowPlacement (in: hWnd=0x10154, lpwndpl=0x3fe7d4 | out: lpwndpl=0x3fe7d4) returned 1 [0139.145] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x47, wParam=0x0, lParam=0x3fea24) returned 0x0 [0139.145] GetClientRect (in: hWnd=0x10154, lpRect=0x3fe784 | out: lpRect=0x3fe784) returned 1 [0139.145] GetWindowRect (in: hWnd=0x10154, lpRect=0x3fe784 | out: lpRect=0x3fe784) returned 1 [0139.145] RedrawWindow (hWnd=0x10154, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0139.145] GetSystemMenu (hWnd=0x10154, bRevert=0) returned 0x1015d [0139.145] GetWindowPlacement (in: hWnd=0x10154, lpwndpl=0x3fea5c | out: lpwndpl=0x3fea5c) returned 1 [0139.145] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0139.145] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0139.145] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0139.145] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0139.145] EnableMenuItem (hMenu=0x1015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0139.154] SetLayeredWindowAttributes (hwnd=0x10154, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0139.158] GetCurrentThreadId () returned 0x674 [0139.166] EnumThreadWindows (dwThreadId=0x674, lpfn=0x4b00916, lParam=0x10154) returned 1 [0139.197] GetWindowLongW (hWnd=0x10158, nIndex=-8) returned 0 [0139.197] GetWindowLongW (hWnd=0x10154, nIndex=-8) returned 0 [0139.197] GetWindowLongW (hWnd=0x10156, nIndex=-8) returned 65876 [0139.231] SetWindowLongW (hWnd=0x10156, nIndex=-8, dwNewLong=0) returned 65876 [0139.234] GetParent (hWnd=0x10154) returned 0x0 [0139.234] GetWindowLongW (hWnd=0x10154, nIndex=-20) returned 852352 [0139.234] DestroyWindow (hWnd=0x10154) returned 1 [0139.234] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0139.234] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x46, wParam=0x0, lParam=0x3fe960) returned 0x0 [0139.237] GetWindowPlacement (in: hWnd=0x10154, lpwndpl=0x3fe710 | out: lpwndpl=0x3fe710) returned 1 [0139.237] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x47, wParam=0x0, lParam=0x3fe960) returned 0x0 [0139.237] GetClientRect (in: hWnd=0x10154, lpRect=0x3fe6c0 | out: lpRect=0x3fe6c0) returned 1 [0139.238] GetWindowRect (in: hWnd=0x10154, lpRect=0x3fe6c0 | out: lpRect=0x3fe6c0) returned 1 [0139.241] GetWindowTextLengthW (hWnd=0x10154) returned 9 [0139.241] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.241] GetSystemMetrics (nIndex=42) returned 0 [0139.241] GetWindowTextW (in: hWnd=0x10154, lpString=0x3fe5e4, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.241] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0xd, wParam=0xa, lParam=0x3fe5e4) returned 0x9 [0139.242] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0139.242] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x10154, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0139.243] GetCurrentActCtx (in: lphActCtx=0x3fe9bc | out: lphActCtx=0x3fe9bc*=0x549b94) returned 1 [0139.244] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74a30000 [0139.244] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0139.244] CreateWindowExW (dwExStyle=0x90080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r14_ad1", lpWindowName="no reason", dwStyle=0x2cf0000, X=175, Y=175, nWidth=164, nHeight=91, hWndParent=0x0, hMenu=0x0, hInstance=0xb10000, lpParam=0x0) returned 0x1015a [0139.244] SetWindowLongW (hWnd=0x1015a, nIndex=-4, dwNewLong=2010523101) returned 78645286 [0139.244] GetWindowLongW (hWnd=0x1015a, nIndex=-4) returned 2010523101 [0139.244] SetWindowLongW (hWnd=0x1015a, nIndex=-4, dwNewLong=78645566) returned 2010523101 [0139.244] GetWindowLongW (hWnd=0x1015a, nIndex=-4) returned 78645566 [0139.244] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 114229248 [0139.245] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x81, wParam=0x0, lParam=0x3fe450) returned 0x1 [0139.245] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x83, wParam=0x0, lParam=0x3fe43c) returned 0x0 [0139.245] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x1, wParam=0x0, lParam=0x3fe450) returned 0x0 [0139.245] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe188 | out: lpRect=0x3fe188) returned 1 [0139.245] GetWindowRect (in: hWnd=0x1015a, lpRect=0x3fe188 | out: lpRect=0x3fe188) returned 1 [0139.245] SetWindowTextW (hWnd=0x1015a, lpString="no reason") returned 1 [0139.245] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xc, wParam=0x0, lParam=0x24bccdc) returned 0x1 [0139.246] SetLayeredWindowAttributes (hwnd=0x1015a, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0139.246] GetStartupInfoW (in: lpStartupInfo=0x24bcfb4 | out: lpStartupInfo=0x24bcfb4*(cb=0x44, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0139.246] GetParent (hWnd=0x1015a) returned 0x0 [0139.246] GetStockObject (i=5) returned 0x1900015 [0139.247] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0139.247] CoTaskMemAlloc (cb=0x5c) returned 0x555998 [0139.247] RegisterClassW (lpWndClass=0x3fe89c) returned 0xc126 [0139.247] CoTaskMemFree (pv=0x555998) [0139.247] GetModuleHandleW (lpModuleName=0x0) returned 0xb10000 [0139.247] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r14_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xb10000, lpParam=0x0) returned 0x1015c [0139.247] SetWindowLongW (hWnd=0x1015c, nIndex=-4, dwNewLong=2010523101) returned 78645606 [0139.247] GetWindowLongW (hWnd=0x1015c, nIndex=-4) returned 2010523101 [0139.247] SetWindowLongW (hWnd=0x1015c, nIndex=-4, dwNewLong=78645646) returned 2010523101 [0139.248] GetWindowLongW (hWnd=0x1015c, nIndex=-4) returned 78645646 [0139.248] GetWindowLongW (hWnd=0x1015c, nIndex=-16) returned 79691776 [0139.249] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015c, Msg=0x24, wParam=0x0, lParam=0x3fe484) returned 0x0 [0139.249] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015c, Msg=0x81, wParam=0x0, lParam=0x3fe478) returned 0x1 [0139.249] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015c, Msg=0x83, wParam=0x0, lParam=0x3fe464) returned 0x0 [0139.249] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015c, Msg=0x1, wParam=0x0, lParam=0x3fe478) returned 0x0 [0139.249] SetWindowLongW (hWnd=0x1015a, nIndex=-8, dwNewLong=65884) returned 0 [0139.249] SendMessageW (hWnd=0x1015a, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0139.249] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x80, wParam=0x0, lParam=0x10155) returned 0x0 [0139.250] SendMessageW (hWnd=0x1015a, Msg=0x80, wParam=0x1, lParam=0x2013b) returned 0x0 [0139.250] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x80, wParam=0x1, lParam=0x2013b) returned 0x0 [0139.250] GetSystemMenu (hWnd=0x1015a, bRevert=0) returned 0x2015d [0139.250] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fe9cc | out: lpwndpl=0x3fe9cc) returned 1 [0139.250] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0139.250] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0139.250] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0139.251] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0139.251] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0139.251] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fea10 | out: lpRect=0x3fea10) returned 1 [0139.251] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe970 | out: lpRect=0x3fe970) returned 1 [0139.251] GetWindowRect (in: hWnd=0x1015a, lpRect=0x3fe970 | out: lpRect=0x3fe970) returned 1 [0139.251] SetWindowPos (hWnd=0x1015a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0139.251] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x3fe8d8) returned 0x0 [0139.254] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0139.255] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fe6a0 | out: lpwndpl=0x3fe6a0) returned 1 [0139.255] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe64c | out: lpRect=0x3fe64c) returned 1 [0139.255] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0139.255] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.255] GetSystemMetrics (nIndex=42) returned 0 [0139.255] GetWindowTextW (in: hWnd=0x1015a, lpString=0x3fe510, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.255] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x3fe510) returned 0x9 [0139.255] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe554 | out: lpRect=0x3fe554) returned 1 [0139.256] GetSysColor (nIndex=10) returned 0xb4b4b4 [0139.256] GetSysColor (nIndex=2) returned 0xd1b499 [0139.256] GetSysColor (nIndex=9) returned 0x0 [0139.256] GetSysColor (nIndex=12) returned 0xababab [0139.256] GetSysColor (nIndex=15) returned 0xf0f0f0 [0139.256] GetSysColor (nIndex=20) returned 0xffffff [0139.256] GetSysColor (nIndex=16) returned 0xa0a0a0 [0139.256] GetSysColor (nIndex=15) returned 0xf0f0f0 [0139.257] GetSysColor (nIndex=16) returned 0xa0a0a0 [0139.257] GetSysColor (nIndex=21) returned 0x696969 [0139.257] GetSysColor (nIndex=22) returned 0xe3e3e3 [0139.257] GetSysColor (nIndex=20) returned 0xffffff [0139.257] GetSysColor (nIndex=18) returned 0x0 [0139.257] GetSysColor (nIndex=1) returned 0x0 [0139.257] GetSysColor (nIndex=27) returned 0xead1b9 [0139.257] GetSysColor (nIndex=28) returned 0xf2e4d7 [0139.257] GetSysColor (nIndex=17) returned 0x6d6d6d [0139.257] GetSysColor (nIndex=13) returned 0xff9933 [0139.257] GetSysColor (nIndex=14) returned 0xffffff [0139.257] GetSysColor (nIndex=26) returned 0xcc6600 [0139.257] GetSysColor (nIndex=11) returned 0xfcf7f4 [0139.257] GetSysColor (nIndex=3) returned 0xdbcdbf [0139.257] GetSysColor (nIndex=19) returned 0x544e43 [0139.257] GetSysColor (nIndex=24) returned 0xe1ffff [0139.257] GetSysColor (nIndex=23) returned 0x0 [0139.257] GetSysColor (nIndex=4) returned 0xf0f0f0 [0139.257] GetSysColor (nIndex=30) returned 0xf0f0f0 [0139.258] GetSysColor (nIndex=29) returned 0xff9933 [0139.258] GetSysColor (nIndex=7) returned 0x0 [0139.258] GetSysColor (nIndex=0) returned 0xc8c8c8 [0139.258] GetSysColor (nIndex=5) returned 0xffffff [0139.258] GetSysColor (nIndex=6) returned 0x646464 [0139.258] GetSysColor (nIndex=8) returned 0x0 [0139.259] GetSystemMetrics (nIndex=80) returned 1 [0139.261] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4b009b6, dwData=0x0) returned 1 [0139.262] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x3fe1bc | out: lpmi=0x3fe1bc) returned 1 [0139.263] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x30101d9 [0139.263] GetDeviceCaps (hdc=0x30101d9, index=12) returned 32 [0139.263] GetDeviceCaps (hdc=0x30101d9, index=14) returned 1 [0139.263] DeleteDC (hdc=0x30101d9) returned 1 [0139.263] GetCurrentObject (hdc=0x3f010787, type=0x1) returned 0x1b00017 [0139.263] GetCurrentObject (hdc=0x3f010787, type=0x2) returned 0x1900010 [0139.263] GetCurrentObject (hdc=0x3f010787, type=0x7) returned 0x60501e1 [0139.263] GetCurrentObject (hdc=0x3f010787, type=0x6) returned 0x18a002e [0139.264] SaveDC (hdc=0x3f010787) returned 1 [0139.264] GetNearestColor (hdc=0x3f010787, color=0xf0f0f0) returned 0xf0f0f0 [0139.265] CreateSolidBrush (color=0xf0f0f0) returned 0x121001dc [0139.266] FillRect (hDC=0x3f010787, lprc=0x3fe3f4, hbr=0x121001dc) returned 1 [0139.350] DeleteObject (ho=0x121001dc) returned 1 [0139.350] RestoreDC (hdc=0x3f010787, nSavedDC=-1) returned 1 [0139.352] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fe688 | out: lpwndpl=0x3fe688) returned 1 [0139.352] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x47, wParam=0x0, lParam=0x3fe8d8) returned 0x0 [0139.352] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe638 | out: lpRect=0x3fe638) returned 1 [0139.352] GetWindowRect (in: hWnd=0x1015a, lpRect=0x3fe638 | out: lpRect=0x3fe638) returned 1 [0139.353] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x83, wParam=0x1, lParam=0x3fe4bc) returned 0x0 [0139.356] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0139.358] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fe2ac | out: lpwndpl=0x3fe2ac) returned 1 [0139.358] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe258 | out: lpRect=0x3fe258) returned 1 [0139.358] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0139.358] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.358] GetSystemMetrics (nIndex=42) returned 0 [0139.358] GetWindowTextW (in: hWnd=0x1015a, lpString=0x3fe11c, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.358] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x3fe11c) returned 0x9 [0139.358] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe160 | out: lpRect=0x3fe160) returned 1 [0139.358] GetCurrentObject (hdc=0x40101b8, type=0x1) returned 0x1b00017 [0139.358] GetCurrentObject (hdc=0x40101b8, type=0x2) returned 0x1900010 [0139.358] GetCurrentObject (hdc=0x40101b8, type=0x7) returned 0x60501e1 [0139.358] GetCurrentObject (hdc=0x40101b8, type=0x6) returned 0x18a002e [0139.358] SaveDC (hdc=0x40101b8) returned 1 [0139.358] GetNearestColor (hdc=0x40101b8, color=0xf0f0f0) returned 0xf0f0f0 [0139.358] CreateSolidBrush (color=0xf0f0f0) returned 0x131001dc [0139.359] FillRect (hDC=0x40101b8, lprc=0x3fe000, hbr=0x131001dc) returned 1 [0139.359] DeleteObject (ho=0x131001dc) returned 1 [0139.359] RestoreDC (hdc=0x40101b8, nSavedDC=-1) returned 1 [0139.359] SetWindowLongW (hWnd=0x1015a, nIndex=-8, dwNewLong=65884) returned 65884 [0139.359] SendMessageW (hWnd=0x1015c, Msg=0x80, wParam=0x1, lParam=0x2013b) returned 0x0 [0139.359] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015c, Msg=0x80, wParam=0x1, lParam=0x2013b) returned 0x0 [0139.360] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015c, Msg=0xd, wParam=0x104, lParam=0x495c610) returned 0x0 [0139.360] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015c, Msg=0xd, wParam=0x104, lParam=0x495c610) returned 0x0 [0139.361] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x74a30000 [0139.361] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 382664704 [0139.361] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0139.361] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.361] GetSystemMetrics (nIndex=42) returned 0 [0139.361] GetWindowTextW (in: hWnd=0x1015a, lpString=0x3fe908, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.361] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x3fe908) returned 0x9 [0139.361] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0139.361] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.361] GetSystemMetrics (nIndex=42) returned 0 [0139.361] GetWindowTextW (in: hWnd=0x1015a, lpString=0x3fe908, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.361] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x3fe908) returned 0x9 [0139.361] GetWindowLongW (hWnd=0x1015a, nIndex=-16) returned 382664704 [0139.361] GetWindowLongW (hWnd=0x1015a, nIndex=-20) returned 590208 [0139.361] SetWindowLongW (hWnd=0x1015a, nIndex=-16, dwNewLong=315555840) returned 382664704 [0139.361] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x7c, wParam=0xfffffff0, lParam=0x3fe964) returned 0x0 [0139.362] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x7d, wParam=0xfffffff0, lParam=0x3fe964) returned 0x0 [0139.362] SetWindowLongW (hWnd=0x1015a, nIndex=-20, dwNewLong=589952) returned 590208 [0139.362] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x7c, wParam=0xffffffec, lParam=0x3fe964) returned 0x0 [0139.362] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x7d, wParam=0xffffffec, lParam=0x3fe964) returned 0x0 [0139.362] SetWindowPos (hWnd=0x1015a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0139.362] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x46, wParam=0x0, lParam=0x3fe984) returned 0x0 [0139.362] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x83, wParam=0x1, lParam=0x3fe95c) returned 0x0 [0139.365] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0139.468] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fe74c | out: lpwndpl=0x3fe74c) returned 1 [0139.468] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe6f8 | out: lpRect=0x3fe6f8) returned 1 [0139.468] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0139.468] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0139.468] GetSystemMetrics (nIndex=42) returned 0 [0139.468] GetWindowTextW (in: hWnd=0x1015a, lpString=0x3fe5bc, nMaxCount=10 | out: lpString="no reason") returned 9 [0139.468] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x3fe5bc) returned 0x9 [0139.468] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe600 | out: lpRect=0x3fe600) returned 1 [0139.468] GetCurrentObject (hdc=0x7010156, type=0x1) returned 0x1b00017 [0139.468] GetCurrentObject (hdc=0x7010156, type=0x2) returned 0x1900010 [0139.468] GetCurrentObject (hdc=0x7010156, type=0x7) returned 0x60501e1 [0139.468] GetCurrentObject (hdc=0x7010156, type=0x6) returned 0x18a002e [0139.468] SaveDC (hdc=0x7010156) returned 1 [0139.468] GetNearestColor (hdc=0x7010156, color=0xf0f0f0) returned 0xf0f0f0 [0139.468] CreateSolidBrush (color=0xf0f0f0) returned 0x141001dc [0139.468] FillRect (hDC=0x7010156, lprc=0x3fe4a0, hbr=0x141001dc) returned 1 [0139.468] DeleteObject (ho=0x141001dc) returned 1 [0139.469] RestoreDC (hdc=0x7010156, nSavedDC=-1) returned 1 [0139.469] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fe734 | out: lpwndpl=0x3fe734) returned 1 [0139.469] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0x47, wParam=0x0, lParam=0x3fe984) returned 0x0 [0139.469] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fe6e4 | out: lpRect=0x3fe6e4) returned 1 [0139.469] GetWindowRect (in: hWnd=0x1015a, lpRect=0x3fe6e4 | out: lpRect=0x3fe6e4) returned 1 [0139.469] RedrawWindow (hWnd=0x1015a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0139.469] GetSystemMenu (hWnd=0x1015a, bRevert=0) returned 0x2015d [0139.469] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fe9bc | out: lpwndpl=0x3fe9bc) returned 1 [0139.469] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0139.469] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0139.469] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0139.469] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0139.469] EnableMenuItem (hMenu=0x2015d, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0139.470] SetWindowLongW (hWnd=0x10156, nIndex=-8, dwNewLong=65882) returned 65880 [0139.573] GetCurrentProcessId () returned 0x670 [0139.577] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x3fe39c | out: lpLuid=0x3fe39c*(LowPart=0x14, HighPart=0)) returned 1 [0139.578] GetCurrentProcess () returned 0xffffffff [0139.579] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x3fe398 | out: TokenHandle=0x3fe398*=0x24c) returned 1 [0139.579] AdjustTokenPrivileges (in: TokenHandle=0x24c, DisableAllPrivileges=0, NewState=0x24be4dc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0139.579] CloseHandle (hObject=0x24c) returned 1 [0139.580] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x670) returned 0x24c [0139.581] GetExitCodeProcess (in: hProcess=0x24c, lpExitCode=0x24be468 | out: lpExitCode=0x24be468*=0x103) returned 1 [0139.594] CheckRemoteDebuggerPresent (in: hProcess=0x24c, pbDebuggerPresent=0x3feaf4 | out: pbDebuggerPresent=0x3feaf4) returned 1 [0139.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SbieDll.dll", cchWideChar=11, lpMultiByteStr=0x3fea94, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SbieDll.dlluëQ&", lpUsedDefaultChar=0x0) returned 11 [0139.618] GetModuleHandleA (lpModuleName="SbieDll.dll") returned 0x0 [0140.652] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x250 [0140.654] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x254 [0140.672] SetEvent (hEvent=0x254) returned 1 [0140.679] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3fe9fc*=0x250, lpdwindex=0x3fe81c | out: lpdwindex=0x3fe81c) returned 0x0 [0140.959] CoGetContextToken (in: pToken=0x3fe8c8 | out: pToken=0x3fe8c8) returned 0x0 [0140.960] CoGetContextToken (in: pToken=0x3fe828 | out: pToken=0x3fe828) returned 0x0 [0140.960] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0820, riid=0x3fe8f8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3fe8f4 | out: ppvObject=0x3fe8f4*=0x8bb0820) returned 0x0 [0140.960] WbemDefPath:IUnknown:AddRef (This=0x8bb0820) returned 0x3 [0140.960] WbemDefPath:IUnknown:Release (This=0x8bb0820) returned 0x2 [0140.966] WbemDefPath:IWbemPath:SetText (This=0x8bb0820, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0140.966] WbemDefPath:IWbemPath:GetInfo (in: This=0x8bb0820, uRequestedInfo=0x0, puResponse=0x3feaa8 | out: puResponse=0x3feaa8*=0xc15) returned 0x0 [0140.967] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8bb0820, puCount=0x3feaa0 | out: puCount=0x3feaa0*=0x0) returned 0x0 [0140.969] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0140.969] SetEvent (hEvent=0x254) returned 1 [0140.969] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3fe2fc*=0x2b4, lpdwindex=0x3fe11c | out: lpdwindex=0x3fe11c) returned 0x0 [0140.974] CoGetContextToken (in: pToken=0x3fe1c8 | out: pToken=0x3fe1c8) returned 0x0 [0140.974] CoGetContextToken (in: pToken=0x3fe128 | out: pToken=0x3fe128) returned 0x0 [0140.974] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0998, riid=0x3fe1f8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3fe1f4 | out: ppvObject=0x3fe1f4*=0x8bb0998) returned 0x0 [0140.975] WbemDefPath:IUnknown:AddRef (This=0x8bb0998) returned 0x3 [0140.975] WbemDefPath:IUnknown:Release (This=0x8bb0998) returned 0x2 [0140.975] WbemDefPath:IWbemPath:SetText (This=0x8bb0998, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0140.975] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8bb0998, puCount=0x3fea78 | out: puCount=0x3fea78*=0x2) returned 0x0 [0140.976] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea74*=0x0, pszText=0x0 | out: puBuffLength=0x3fea74*=0xf, pszText=0x0) returned 0x0 [0140.976] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea74*=0xf, pszText="00000000000000" | out: puBuffLength=0x3fea74*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0140.987] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3fe914*=0x2c8, lpdwindex=0x3fe7c4 | out: lpdwindex=0x3fe7c4) returned 0x0 [0143.059] CoGetContextToken (in: pToken=0x3fe6d0 | out: pToken=0x3fe6d0) returned 0x0 [0143.059] CoGetContextToken (in: pToken=0x3fe678 | out: pToken=0x3fe678) returned 0x0 [0143.059] IUnknown:QueryInterface (in: This=0x53c478, riid=0x75073c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe658 | out: ppvObject=0x3fe658*=0x53c488) returned 0x0 [0143.086] CObjectContext::ContextCallback () returned 0x0 [0143.088] BeginPaint (in: hWnd=0x1015a, lpPaint=0x3fd914 | out: lpPaint=0x3fd914) returned 0x3f010787 [0143.089] GetWindowPlacement (in: hWnd=0x1015a, lpwndpl=0x3fd670 | out: lpwndpl=0x3fd670) returned 1 [0143.089] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fd61c | out: lpRect=0x3fd61c) returned 1 [0143.089] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0143.089] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0143.089] GetSystemMetrics (nIndex=42) returned 0 [0143.089] GetWindowTextW (in: hWnd=0x1015a, lpString=0x3fd4e0, nMaxCount=10 | out: lpString="no reason") returned 9 [0143.089] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x3fd4e0) returned 0x9 [0143.089] GetClientRect (in: hWnd=0x1015a, lpRect=0x3fd524 | out: lpRect=0x3fd524) returned 1 [0143.089] GetCurrentObject (hdc=0x3f010787, type=0x1) returned 0x1b00017 [0143.089] GetCurrentObject (hdc=0x3f010787, type=0x2) returned 0x1900010 [0143.089] GetCurrentObject (hdc=0x3f010787, type=0x7) returned 0x60501e1 [0143.090] GetCurrentObject (hdc=0x3f010787, type=0x6) returned 0x18a002e [0143.090] SaveDC (hdc=0x3f010787) returned 1 [0143.090] GetNearestColor (hdc=0x3f010787, color=0xf0f0f0) returned 0xf0f0f0 [0143.090] CreateSolidBrush (color=0xf0f0f0) returned 0x151001dc [0143.090] FillRect (hDC=0x3f010787, lprc=0x3fd3c4, hbr=0x151001dc) returned 1 [0143.090] DeleteObject (ho=0x151001dc) returned 1 [0143.090] RestoreDC (hdc=0x3f010787, nSavedDC=-1) returned 1 [0143.093] GdipCreateHalftonePalette () returned 0x1008078a [0143.093] SelectPalette (hdc=0x3f010787, hPal=0x1008078a, bForceBkgd=1) returned 0x188000b [0143.093] GetWindowTextLengthW (hWnd=0x1015a) returned 9 [0143.093] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x9 [0143.093] GetSystemMetrics (nIndex=42) returned 0 [0143.093] GetWindowTextW (in: hWnd=0x1015a, lpString=0x3fd8a8, nMaxCount=10 | out: lpString="no reason") returned 9 [0143.093] CallWindowProcW (lpPrevWndFunc=0x77d625dd, hWnd=0x1015a, Msg=0xd, wParam=0xa, lParam=0x3fd8a8) returned 0x9 [0143.093] SelectPalette (hdc=0x3f010787, hPal=0x188000b, bForceBkgd=0) returned 0x1008078a [0143.093] EndPaint (hWnd=0x1015a, lpPaint=0x3fd910) returned 1 [0143.098] IUnknown:Release (This=0x53c488) returned 0x1 [0143.098] CoUnmarshalInterface (in: pStm=0x56f500, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x3fe6c0 | out: ppv=0x3fe6c0*=0x58e4ec) returned 0x0 [0143.098] CoMarshalInterface (pStm=0x56f500, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x58e4ec, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0143.099] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe564 | out: ppvObject=0x3fe564*=0x58e4ec) returned 0x0 [0143.099] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3fe520 | out: ppvObject=0x3fe520*=0x0) returned 0x80004002 [0143.099] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x7511fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3fe33c | out: ppvObject=0x3fe33c*=0x0) returned 0x80004002 [0143.100] WbemLocator:IUnknown:AddRef (This=0x58e4ec) returned 0x3 [0143.100] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3fde7c | out: ppvObject=0x3fde7c*=0x0) returned 0x80004002 [0143.100] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3fde2c | out: ppvObject=0x3fde2c*=0x0) returned 0x80004002 [0143.101] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fde38 | out: ppvObject=0x3fde38*=0x58e44c) returned 0x0 [0143.101] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x58e44c, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3fde40 | out: pCid=0x3fde40*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0143.101] WbemLocator:IUnknown:Release (This=0x58e44c) returned 0x3 [0143.101] CoGetContextToken (in: pToken=0x3fde98 | out: pToken=0x3fde98) returned 0x0 [0143.101] IUnknown:QueryInterface (in: This=0x53c308, riid=0x7511d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fde5c | out: ppvObject=0x3fde5c*=0x53c314) returned 0x0 [0143.101] IComThreadingInfo:GetCurrentApartmentType (in: This=0x53c314, pAptType=0x3fdea0 | out: pAptType=0x3fdea0*=3) returned 0x0 [0143.101] IUnknown:Release (This=0x53c314) returned 0x0 [0143.101] CoGetObjectContext (in: riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x590eb4 | out: ppv=0x590eb4*=0x53c308) returned 0x0 [0143.101] CoGetContextToken (in: pToken=0x3fe2a0 | out: pToken=0x3fe2a0) returned 0x0 [0143.101] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe330 | out: ppvObject=0x3fe330*=0x58e4d4) returned 0x0 [0143.101] WbemLocator:IRpcOptions:Query (in: This=0x58e4d4, pPrx=0x58e4ec, dwProperty=2, pdwValue=0x3fe358 | out: pdwValue=0x3fe358) returned 0x0 [0143.101] WbemLocator:IUnknown:Release (This=0x58e4d4) returned 0x3 [0143.103] WbemLocator:IUnknown:Release (This=0x58e4ec) returned 0x2 [0143.103] WbemLocator:IUnknown:Release (This=0x58e4ec) returned 0x1 [0143.103] CoGetContextToken (in: pToken=0x3fe610 | out: pToken=0x3fe610) returned 0x0 [0143.103] WbemLocator:IUnknown:AddRef (This=0x58e4ec) returned 0x2 [0143.104] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8cc | out: ppvObject=0x3fe8cc*=0x58e4cc) returned 0x0 [0143.104] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x58e4cc, pProxy=0x58e4ec, pAuthnSvc=0x3fe91c, pAuthzSvc=0x3fe918, pServerPrincName=0x3fe910, pAuthnLevel=0x3fe914, pImpLevel=0x3fe904, pAuthInfo=0x3fe908, pCapabilites=0x3fe90c | out: pAuthnSvc=0x3fe91c*=0xa, pAuthzSvc=0x3fe918*=0x0, pServerPrincName=0x3fe910, pAuthnLevel=0x3fe914*=0x6, pImpLevel=0x3fe904*=0x2, pAuthInfo=0x3fe908, pCapabilites=0x3fe90c*=0x1) returned 0x0 [0143.104] WbemLocator:IUnknown:Release (This=0x58e4cc) returned 0x2 [0143.104] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x745410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8c0 | out: ppvObject=0x3fe8c0*=0x58e4ec) returned 0x0 [0143.104] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8bc | out: ppvObject=0x3fe8bc*=0x58e4cc) returned 0x0 [0143.104] WbemLocator:IClientSecurity:SetBlanket (This=0x58e4cc, pProxy=0x58e4ec, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0143.104] WbemLocator:IUnknown:Release (This=0x58e4cc) returned 0x3 [0143.104] WbemLocator:IUnknown:Release (This=0x58e4ec) returned 0x2 [0143.104] CoTaskMemFree (pv=0x593f78) [0143.105] WbemLocator:IUnknown:Release (This=0x58e4ec) returned 0x1 [0143.105] SysStringLen (param_1=0x0) returned 0x0 [0143.105] CoGetContextToken (in: pToken=0x3fe888 | out: pToken=0x3fe888) returned 0x0 [0143.105] CoGetContextToken (in: pToken=0x3fe7e8 | out: pToken=0x3fe7e8) returned 0x0 [0143.105] WbemLocator:IUnknown:QueryInterface (in: This=0x58e4ec, riid=0x3fe8b8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x3fe8b4 | out: ppvObject=0x3fe8b4*=0x8bbca1c) returned 0x0 [0143.105] WbemLocator:IUnknown:AddRef (This=0x8bbca1c) returned 0x3 [0143.105] WbemLocator:IUnknown:Release (This=0x8bbca1c) returned 0x2 [0143.105] CoGetContextToken (in: pToken=0x3fe848 | out: pToken=0x3fe848) returned 0x0 [0143.106] WbemLocator:IUnknown:AddRef (This=0x8bbca1c) returned 0x3 [0143.106] WbemLocator:IUnknown:QueryInterface (in: This=0x8bbca1c, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8cc | out: ppvObject=0x3fe8cc*=0x58e4cc) returned 0x0 [0143.106] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x58e4cc, pProxy=0x8bbca1c, pAuthnSvc=0x3fe91c, pAuthzSvc=0x3fe918, pServerPrincName=0x3fe910, pAuthnLevel=0x3fe914, pImpLevel=0x3fe904, pAuthInfo=0x3fe908, pCapabilites=0x3fe90c | out: pAuthnSvc=0x3fe91c*=0xa, pAuthzSvc=0x3fe918*=0x0, pServerPrincName=0x3fe910, pAuthnLevel=0x3fe914*=0x6, pImpLevel=0x3fe904*=0x2, pAuthInfo=0x3fe908, pCapabilites=0x3fe90c*=0x1) returned 0x0 [0143.106] WbemLocator:IUnknown:Release (This=0x58e4cc) returned 0x3 [0143.106] WbemLocator:IUnknown:QueryInterface (in: This=0x8bbca1c, riid=0x745410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8c0 | out: ppvObject=0x3fe8c0*=0x58e4ec) returned 0x0 [0143.106] WbemLocator:IUnknown:QueryInterface (in: This=0x8bbca1c, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8bc | out: ppvObject=0x3fe8bc*=0x58e4cc) returned 0x0 [0143.106] WbemLocator:IClientSecurity:SetBlanket (This=0x58e4cc, pProxy=0x8bbca1c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0143.106] WbemLocator:IUnknown:Release (This=0x58e4cc) returned 0x4 [0143.106] WbemLocator:IUnknown:Release (This=0x58e4ec) returned 0x3 [0143.106] CoTaskMemFree (pv=0x593f78) [0143.106] WbemLocator:IUnknown:Release (This=0x8bbca1c) returned 0x2 [0143.106] SysStringLen (param_1=0x0) returned 0x0 [0143.106] CoGetContextToken (in: pToken=0x3fe7c0 | out: pToken=0x3fe7c0) returned 0x0 [0143.106] WbemLocator:IUnknown:AddRef (This=0x8bbca1c) returned 0x3 [0143.106] IWbemServices:ExecQuery (in: This=0x8bbca1c, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x3fe9d8 | out: ppEnum=0x3fe9d8*=0x8bbd3d4) returned 0x0 [0143.112] IUnknown:QueryInterface (in: This=0x8bbd3d4, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe830 | out: ppvObject=0x3fe830*=0x8bbd3d8) returned 0x0 [0143.112] IClientSecurity:QueryBlanket (in: This=0x8bbd3d8, pProxy=0x8bbd3d4, pAuthnSvc=0x3fe880, pAuthzSvc=0x3fe87c, pServerPrincName=0x3fe874, pAuthnLevel=0x3fe878, pImpLevel=0x3fe868, pAuthInfo=0x3fe86c, pCapabilites=0x3fe870 | out: pAuthnSvc=0x3fe880*=0xa, pAuthzSvc=0x3fe87c*=0x0, pServerPrincName=0x3fe874, pAuthnLevel=0x3fe878*=0x6, pImpLevel=0x3fe868*=0x2, pAuthInfo=0x3fe86c, pCapabilites=0x3fe870*=0x1) returned 0x0 [0143.112] IUnknown:Release (This=0x8bbd3d8) returned 0x1 [0143.112] IUnknown:QueryInterface (in: This=0x8bbd3d4, riid=0x745410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe824 | out: ppvObject=0x3fe824*=0x59b6d4) returned 0x0 [0143.112] IUnknown:QueryInterface (in: This=0x8bbd3d4, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe820 | out: ppvObject=0x3fe820*=0x8bbd3d8) returned 0x0 [0143.112] IClientSecurity:SetBlanket (This=0x8bbd3d8, pProxy=0x8bbd3d4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0143.116] IUnknown:Release (This=0x8bbd3d8) returned 0x2 [0143.116] WbemLocator:IUnknown:Release (This=0x59b6d4) returned 0x1 [0143.116] CoTaskMemFree (pv=0x593fa8) [0143.116] IUnknown:QueryInterface (in: This=0x8bbd3d4, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe41c | out: ppvObject=0x3fe41c*=0x59b6d4) returned 0x0 [0143.116] WbemLocator:IUnknown:QueryInterface (in: This=0x59b6d4, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3fe3d8 | out: ppvObject=0x3fe3d8*=0x0) returned 0x80004002 [0143.116] WbemLocator:IUnknown:QueryInterface (in: This=0x59b6d4, riid=0x7511fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3fe1f4 | out: ppvObject=0x3fe1f4*=0x0) returned 0x80004002 [0143.117] WbemLocator:IUnknown:AddRef (This=0x59b6d4) returned 0x3 [0143.117] WbemLocator:IUnknown:QueryInterface (in: This=0x59b6d4, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3fdd34 | out: ppvObject=0x3fdd34*=0x0) returned 0x80004002 [0143.117] WbemLocator:IUnknown:QueryInterface (in: This=0x59b6d4, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3fdce4 | out: ppvObject=0x3fdce4*=0x0) returned 0x80004002 [0143.118] WbemLocator:IUnknown:QueryInterface (in: This=0x59b6d4, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fdcf0 | out: ppvObject=0x3fdcf0*=0x59b634) returned 0x0 [0143.118] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x59b634, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3fdcf8 | out: pCid=0x3fdcf8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0143.118] WbemLocator:IUnknown:Release (This=0x59b634) returned 0x3 [0143.118] CoGetContextToken (in: pToken=0x3fdd50 | out: pToken=0x3fdd50) returned 0x0 [0143.118] CoGetContextToken (in: pToken=0x3fe158 | out: pToken=0x3fe158) returned 0x0 [0143.118] WbemLocator:IUnknown:QueryInterface (in: This=0x59b6d4, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe1e8 | out: ppvObject=0x3fe1e8*=0x59b6bc) returned 0x0 [0143.118] WbemLocator:IRpcOptions:Query (in: This=0x59b6bc, pPrx=0x59b6d4, dwProperty=2, pdwValue=0x3fe210 | out: pdwValue=0x3fe210) returned 0x80004002 [0143.118] WbemLocator:IUnknown:Release (This=0x59b6bc) returned 0x3 [0143.118] WbemLocator:IUnknown:Release (This=0x59b6d4) returned 0x2 [0143.118] CoGetContextToken (in: pToken=0x3fe730 | out: pToken=0x3fe730) returned 0x0 [0143.118] CoGetContextToken (in: pToken=0x3fe690 | out: pToken=0x3fe690) returned 0x0 [0143.118] WbemLocator:IUnknown:QueryInterface (in: This=0x59b6d4, riid=0x3fe760*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3fe75c | out: ppvObject=0x3fe75c*=0x8bbd3d4) returned 0x0 [0143.118] IUnknown:AddRef (This=0x8bbd3d4) returned 0x4 [0143.119] IUnknown:Release (This=0x8bbd3d4) returned 0x3 [0143.119] IUnknown:Release (This=0x8bbd3d4) returned 0x2 [0143.119] WbemLocator:IUnknown:Release (This=0x8bbca1c) returned 0x2 [0143.119] SysStringLen (param_1=0x0) returned 0x0 [0143.119] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8bb0998, puCount=0x3fea24 | out: puCount=0x3fea24*=0x2) returned 0x0 [0143.119] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea20*=0x0, pszText=0x0 | out: puBuffLength=0x3fea20*=0xf, pszText=0x0) returned 0x0 [0143.119] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea20*=0xf, pszText="00000000000000" | out: puBuffLength=0x3fea20*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0143.119] CoGetContextToken (in: pToken=0x3fe860 | out: pToken=0x3fe860) returned 0x0 [0143.119] IUnknown:AddRef (This=0x8bbd3d4) returned 0x3 [0143.119] IEnumWbemClassObject:Clone (in: This=0x8bbd3d4, ppEnum=0x3fea20 | out: ppEnum=0x3fea20*=0x8bbd49c) returned 0x0 [0143.124] IUnknown:QueryInterface (in: This=0x8bbd49c, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8e4 | out: ppvObject=0x3fe8e4*=0x8bbd4a0) returned 0x0 [0143.124] IClientSecurity:QueryBlanket (in: This=0x8bbd4a0, pProxy=0x8bbd49c, pAuthnSvc=0x3fe934, pAuthzSvc=0x3fe930, pServerPrincName=0x3fe928, pAuthnLevel=0x3fe92c, pImpLevel=0x3fe91c, pAuthInfo=0x3fe920, pCapabilites=0x3fe924 | out: pAuthnSvc=0x3fe934*=0xa, pAuthzSvc=0x3fe930*=0x0, pServerPrincName=0x3fe928, pAuthnLevel=0x3fe92c*=0x6, pImpLevel=0x3fe91c*=0x2, pAuthInfo=0x3fe920, pCapabilites=0x3fe924*=0x1) returned 0x0 [0143.124] IUnknown:Release (This=0x8bbd4a0) returned 0x1 [0143.124] IUnknown:QueryInterface (in: This=0x8bbd49c, riid=0x745410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8d8 | out: ppvObject=0x3fe8d8*=0x59b8b4) returned 0x0 [0143.124] IUnknown:QueryInterface (in: This=0x8bbd49c, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8d4 | out: ppvObject=0x3fe8d4*=0x8bbd4a0) returned 0x0 [0143.124] IClientSecurity:SetBlanket (This=0x8bbd4a0, pProxy=0x8bbd49c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0143.126] IUnknown:Release (This=0x8bbd4a0) returned 0x2 [0143.126] WbemLocator:IUnknown:Release (This=0x59b8b4) returned 0x1 [0143.126] CoTaskMemFree (pv=0x593fa8) [0143.127] IUnknown:QueryInterface (in: This=0x8bbd49c, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe4c0 | out: ppvObject=0x3fe4c0*=0x59b8b4) returned 0x0 [0143.127] WbemLocator:IUnknown:QueryInterface (in: This=0x59b8b4, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3fe47c | out: ppvObject=0x3fe47c*=0x0) returned 0x80004002 [0143.127] WbemLocator:IUnknown:QueryInterface (in: This=0x59b8b4, riid=0x7511fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3fe29c | out: ppvObject=0x3fe29c*=0x0) returned 0x80004002 [0143.128] WbemLocator:IUnknown:AddRef (This=0x59b8b4) returned 0x3 [0143.128] WbemLocator:IUnknown:QueryInterface (in: This=0x59b8b4, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3fdddc | out: ppvObject=0x3fdddc*=0x0) returned 0x80004002 [0143.128] WbemLocator:IUnknown:QueryInterface (in: This=0x59b8b4, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3fdd8c | out: ppvObject=0x3fdd8c*=0x0) returned 0x80004002 [0143.129] WbemLocator:IUnknown:QueryInterface (in: This=0x59b8b4, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fdd98 | out: ppvObject=0x3fdd98*=0x59b814) returned 0x0 [0143.129] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x59b814, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3fdda0 | out: pCid=0x3fdda0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0143.129] WbemLocator:IUnknown:Release (This=0x59b814) returned 0x3 [0143.129] CoGetContextToken (in: pToken=0x3fddf8 | out: pToken=0x3fddf8) returned 0x0 [0143.129] CoGetContextToken (in: pToken=0x3fe200 | out: pToken=0x3fe200) returned 0x0 [0143.129] WbemLocator:IUnknown:QueryInterface (in: This=0x59b8b4, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe290 | out: ppvObject=0x3fe290*=0x59b89c) returned 0x0 [0143.129] WbemLocator:IRpcOptions:Query (in: This=0x59b89c, pPrx=0x59b8b4, dwProperty=2, pdwValue=0x3fe2b8 | out: pdwValue=0x3fe2b8) returned 0x80004002 [0143.129] WbemLocator:IUnknown:Release (This=0x59b89c) returned 0x3 [0143.129] WbemLocator:IUnknown:Release (This=0x59b8b4) returned 0x2 [0143.129] CoGetContextToken (in: pToken=0x3fe7d0 | out: pToken=0x3fe7d0) returned 0x0 [0143.129] CoGetContextToken (in: pToken=0x3fe730 | out: pToken=0x3fe730) returned 0x0 [0143.129] WbemLocator:IUnknown:QueryInterface (in: This=0x59b8b4, riid=0x3fe800*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3fe7fc | out: ppvObject=0x3fe7fc*=0x8bbd49c) returned 0x0 [0143.129] IUnknown:AddRef (This=0x8bbd49c) returned 0x4 [0143.129] IUnknown:Release (This=0x8bbd49c) returned 0x3 [0143.129] IUnknown:Release (This=0x8bbd49c) returned 0x2 [0143.129] IUnknown:Release (This=0x8bbd3d4) returned 0x2 [0143.129] SysStringLen (param_1=0x0) returned 0x0 [0143.130] IEnumWbemClassObject:Reset (This=0x8bbd49c) returned 0x0 [0143.335] CoTaskMemAlloc (cb=0x4) returned 0x5703c0 [0143.337] IEnumWbemClassObject:Next (in: This=0x8bbd49c, lTimeout=-1, uCount=0x1, apObjects=0x5703c0, puReturned=0x24c2cac | out: apObjects=0x5703c0*=0x8bbd4d8, puReturned=0x24c2cac*=0x1) returned 0x0 [0143.342] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe080 | out: ppvObject=0x3fe080*=0x8bbd4d8) returned 0x0 [0143.342] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3fe03c | out: ppvObject=0x3fe03c*=0x0) returned 0x80004002 [0143.343] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x7511fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3fde5c | out: ppvObject=0x3fde5c*=0x0) returned 0x80004002 [0143.343] IUnknown:AddRef (This=0x8bbd4d8) returned 0x3 [0143.343] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3fd99c | out: ppvObject=0x3fd99c*=0x0) returned 0x80004002 [0143.343] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3fd94c | out: ppvObject=0x3fd94c*=0x0) returned 0x80004002 [0143.343] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fd958 | out: ppvObject=0x3fd958*=0x8bbd4dc) returned 0x0 [0143.343] IMarshal:GetUnmarshalClass (in: This=0x8bbd4dc, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3fd960 | out: pCid=0x3fd960*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0143.343] IUnknown:Release (This=0x8bbd4dc) returned 0x3 [0143.343] CoGetContextToken (in: pToken=0x3fd9b8 | out: pToken=0x3fd9b8) returned 0x0 [0143.343] CoGetContextToken (in: pToken=0x3fddc0 | out: pToken=0x3fddc0) returned 0x0 [0143.343] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fde50 | out: ppvObject=0x3fde50*=0x0) returned 0x80004002 [0143.343] IUnknown:Release (This=0x8bbd4d8) returned 0x2 [0143.344] CoGetContextToken (in: pToken=0x3fe390 | out: pToken=0x3fe390) returned 0x0 [0143.344] CoGetContextToken (in: pToken=0x3fe2f0 | out: pToken=0x3fe2f0) returned 0x0 [0143.344] IUnknown:QueryInterface (in: This=0x8bbd4d8, riid=0x3fe3c0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3fe3bc | out: ppvObject=0x3fe3bc*=0x8bbd4d8) returned 0x0 [0143.344] IUnknown:AddRef (This=0x8bbd4d8) returned 0x4 [0143.344] IUnknown:Release (This=0x8bbd4d8) returned 0x3 [0143.344] IUnknown:Release (This=0x8bbd4d8) returned 0x2 [0143.344] CoTaskMemFree (pv=0x5703c0) [0143.344] CoGetContextToken (in: pToken=0x3fe700 | out: pToken=0x3fe700) returned 0x0 [0143.344] IUnknown:AddRef (This=0x8bbd4d8) returned 0x3 [0143.344] CoTaskMemAlloc (cb=0x4) returned 0x5703c0 [0143.344] IEnumWbemClassObject:Next (in: This=0x8bbd49c, lTimeout=-1, uCount=0x1, apObjects=0x5703c0, puReturned=0x24c2cac | out: apObjects=0x5703c0*=0x0, puReturned=0x24c2cac*=0x0) returned 0x1 [0143.346] CoTaskMemFree (pv=0x5703c0) [0143.346] CoGetContextToken (in: pToken=0x3fe870 | out: pToken=0x3fe870) returned 0x0 [0143.346] IUnknown:AddRef (This=0x8bbd3d4) returned 0x3 [0143.346] IEnumWbemClassObject:Clone (in: This=0x8bbd3d4, ppEnum=0x3fea30 | out: ppEnum=0x3fea30*=0x8bc01dc) returned 0x0 [0143.358] IUnknown:QueryInterface (in: This=0x8bc01dc, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8f4 | out: ppvObject=0x3fe8f4*=0x8bc01e0) returned 0x0 [0143.358] IClientSecurity:QueryBlanket (in: This=0x8bc01e0, pProxy=0x8bc01dc, pAuthnSvc=0x3fe944, pAuthzSvc=0x3fe940, pServerPrincName=0x3fe938, pAuthnLevel=0x3fe93c, pImpLevel=0x3fe92c, pAuthInfo=0x3fe930, pCapabilites=0x3fe934 | out: pAuthnSvc=0x3fe944*=0xa, pAuthzSvc=0x3fe940*=0x0, pServerPrincName=0x3fe938, pAuthnLevel=0x3fe93c*=0x6, pImpLevel=0x3fe92c*=0x2, pAuthInfo=0x3fe930, pCapabilites=0x3fe934*=0x1) returned 0x0 [0143.358] IUnknown:Release (This=0x8bc01e0) returned 0x1 [0143.358] IUnknown:QueryInterface (in: This=0x8bc01dc, riid=0x745410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8e8 | out: ppvObject=0x3fe8e8*=0x59ba94) returned 0x0 [0143.358] IUnknown:QueryInterface (in: This=0x8bc01dc, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe8e4 | out: ppvObject=0x3fe8e4*=0x8bc01e0) returned 0x0 [0143.358] IClientSecurity:SetBlanket (This=0x8bc01e0, pProxy=0x8bc01dc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0143.360] IUnknown:Release (This=0x8bc01e0) returned 0x2 [0143.360] WbemLocator:IUnknown:Release (This=0x59ba94) returned 0x1 [0143.360] CoTaskMemFree (pv=0x593fa8) [0143.360] IUnknown:QueryInterface (in: This=0x8bc01dc, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe4d0 | out: ppvObject=0x3fe4d0*=0x59ba94) returned 0x0 [0143.361] WbemLocator:IUnknown:QueryInterface (in: This=0x59ba94, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3fe48c | out: ppvObject=0x3fe48c*=0x0) returned 0x80004002 [0143.361] WbemLocator:IUnknown:QueryInterface (in: This=0x59ba94, riid=0x7511fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3fe2ac | out: ppvObject=0x3fe2ac*=0x0) returned 0x80004002 [0143.362] WbemLocator:IUnknown:AddRef (This=0x59ba94) returned 0x3 [0143.362] WbemLocator:IUnknown:QueryInterface (in: This=0x59ba94, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3fddec | out: ppvObject=0x3fddec*=0x0) returned 0x80004002 [0143.362] WbemLocator:IUnknown:QueryInterface (in: This=0x59ba94, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3fdd9c | out: ppvObject=0x3fdd9c*=0x0) returned 0x80004002 [0143.363] WbemLocator:IUnknown:QueryInterface (in: This=0x59ba94, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fdda8 | out: ppvObject=0x3fdda8*=0x59b9f4) returned 0x0 [0143.363] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x59b9f4, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3fddb0 | out: pCid=0x3fddb0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0143.363] WbemLocator:IUnknown:Release (This=0x59b9f4) returned 0x3 [0143.363] CoGetContextToken (in: pToken=0x3fde08 | out: pToken=0x3fde08) returned 0x0 [0143.363] CoGetContextToken (in: pToken=0x3fe210 | out: pToken=0x3fe210) returned 0x0 [0143.363] WbemLocator:IUnknown:QueryInterface (in: This=0x59ba94, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe2a0 | out: ppvObject=0x3fe2a0*=0x59ba7c) returned 0x0 [0143.363] WbemLocator:IRpcOptions:Query (in: This=0x59ba7c, pPrx=0x59ba94, dwProperty=2, pdwValue=0x3fe2c8 | out: pdwValue=0x3fe2c8) returned 0x80004002 [0143.363] WbemLocator:IUnknown:Release (This=0x59ba7c) returned 0x3 [0143.363] WbemLocator:IUnknown:Release (This=0x59ba94) returned 0x2 [0143.363] CoGetContextToken (in: pToken=0x3fe7e0 | out: pToken=0x3fe7e0) returned 0x0 [0143.363] CoGetContextToken (in: pToken=0x3fe740 | out: pToken=0x3fe740) returned 0x0 [0143.363] WbemLocator:IUnknown:QueryInterface (in: This=0x59ba94, riid=0x3fe810*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x3fe80c | out: ppvObject=0x3fe80c*=0x8bc01dc) returned 0x0 [0143.363] IUnknown:AddRef (This=0x8bc01dc) returned 0x4 [0143.363] IUnknown:Release (This=0x8bc01dc) returned 0x3 [0143.363] IUnknown:Release (This=0x8bc01dc) returned 0x2 [0143.363] IUnknown:Release (This=0x8bbd3d4) returned 0x2 [0143.364] SysStringLen (param_1=0x0) returned 0x0 [0143.364] IEnumWbemClassObject:Reset (This=0x8bc01dc) returned 0x0 [0143.364] CoTaskMemAlloc (cb=0x4) returned 0x5a2dc0 [0143.365] IEnumWbemClassObject:Next (in: This=0x8bc01dc, lTimeout=-1, uCount=0x1, apObjects=0x5a2dc0, puReturned=0x24c2d90 | out: apObjects=0x5a2dc0*=0x8bc0218, puReturned=0x24c2d90*=0x1) returned 0x0 [0143.367] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fe090 | out: ppvObject=0x3fe090*=0x8bc0218) returned 0x0 [0143.367] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x3fe04c | out: ppvObject=0x3fe04c*=0x0) returned 0x80004002 [0143.367] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x7511fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x3fde6c | out: ppvObject=0x3fde6c*=0x0) returned 0x80004002 [0143.367] IUnknown:AddRef (This=0x8bc0218) returned 0x3 [0143.367] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x3fd9ac | out: ppvObject=0x3fd9ac*=0x0) returned 0x80004002 [0143.367] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x3fd95c | out: ppvObject=0x3fd95c*=0x0) returned 0x80004002 [0143.367] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fd968 | out: ppvObject=0x3fd968*=0x8bc021c) returned 0x0 [0143.367] IMarshal:GetUnmarshalClass (in: This=0x8bc021c, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x3fd970 | out: pCid=0x3fd970*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0143.367] IUnknown:Release (This=0x8bc021c) returned 0x3 [0143.367] CoGetContextToken (in: pToken=0x3fd9c8 | out: pToken=0x3fd9c8) returned 0x0 [0143.367] CoGetContextToken (in: pToken=0x3fddd0 | out: pToken=0x3fddd0) returned 0x0 [0143.367] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x3fde60 | out: ppvObject=0x3fde60*=0x0) returned 0x80004002 [0143.367] IUnknown:Release (This=0x8bc0218) returned 0x2 [0143.368] CoGetContextToken (in: pToken=0x3fe3a0 | out: pToken=0x3fe3a0) returned 0x0 [0143.368] CoGetContextToken (in: pToken=0x3fe300 | out: pToken=0x3fe300) returned 0x0 [0143.368] IUnknown:QueryInterface (in: This=0x8bc0218, riid=0x3fe3d0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x3fe3cc | out: ppvObject=0x3fe3cc*=0x8bc0218) returned 0x0 [0143.368] IUnknown:AddRef (This=0x8bc0218) returned 0x4 [0143.368] IUnknown:Release (This=0x8bc0218) returned 0x3 [0143.368] IUnknown:Release (This=0x8bc0218) returned 0x2 [0143.368] CoTaskMemFree (pv=0x5a2dc0) [0143.368] CoGetContextToken (in: pToken=0x3fe710 | out: pToken=0x3fe710) returned 0x0 [0143.368] IUnknown:AddRef (This=0x8bc0218) returned 0x3 [0143.369] IWbemClassObject:Get (in: This=0x8bc0218, wszName="__GENUS", lFlags=0, pVal=0x3fea20*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3feaa0*=0, plFlavor=0x3fea9c*=0 | out: pVal=0x3fea20*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x3feaa0*=3, plFlavor=0x3fea9c*=64) returned 0x0 [0143.369] IWbemClassObject:Get (in: This=0x8bc0218, wszName="__PATH", lFlags=0, pVal=0x3fea04*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x3fea88*=0, plFlavor=0x3fea84*=0 | out: pVal=0x3fea04*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"", varVal2=0x0), pType=0x3fea88*=8, plFlavor=0x3fea84*=64) returned 0x0 [0143.369] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0143.369] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x7e [0143.370] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c [0143.370] SetEvent (hEvent=0x254) returned 1 [0143.370] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3fe9dc*=0x31c, lpdwindex=0x3fe7fc | out: lpdwindex=0x3fe7fc) returned 0x0 [0143.380] CoGetContextToken (in: pToken=0x3fe8a8 | out: pToken=0x3fe8a8) returned 0x0 [0143.380] CoGetContextToken (in: pToken=0x3fe808 | out: pToken=0x3fe808) returned 0x0 [0143.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bbca30, riid=0x3fe8d8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x3fe8d4 | out: ppvObject=0x3fe8d4*=0x8bbca30) returned 0x0 [0143.380] WbemDefPath:IUnknown:AddRef (This=0x8bbca30) returned 0x3 [0143.380] WbemDefPath:IUnknown:Release (This=0x8bbca30) returned 0x2 [0143.380] WbemDefPath:IWbemPath:SetText (This=0x8bbca30, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XDUWTFONO\"") returned 0x0 [0143.381] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8bb0998, puCount=0x3fea5c | out: puCount=0x3fea5c*=0x2) returned 0x0 [0143.381] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea58*=0x0, pszText=0x0 | out: puBuffLength=0x3fea58*=0xf, pszText=0x0) returned 0x0 [0143.381] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea58*=0xf, pszText="00000000000000" | out: puBuffLength=0x3fea58*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0143.382] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8bb0998, puCount=0x3fea50 | out: puCount=0x3fea50*=0x2) returned 0x0 [0143.382] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea4c*=0x0, pszText=0x0 | out: puBuffLength=0x3fea4c*=0xf, pszText=0x0) returned 0x0 [0143.382] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=4, puBuffLength=0x3fea4c*=0xf, pszText="00000000000000" | out: puBuffLength=0x3fea4c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0143.382] IWbemClassObject:Get (in: This=0x8bc0218, wszName="Name", lFlags=0, pVal=0x3fea4c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24c3678*=0, plFlavor=0x24c367c*=0 | out: pVal=0x3fea4c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x24c3678*=8, plFlavor=0x24c367c*=32) returned 0x0 [0143.382] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0143.382] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0143.382] IWbemClassObject:Get (in: This=0x8bc0218, wszName="Name", lFlags=0, pVal=0x3fea54*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24c3678*=8, plFlavor=0x24c367c*=32 | out: pVal=0x3fea54*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x24c3678*=8, plFlavor=0x24c367c*=32) returned 0x0 [0143.382] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0143.383] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0143.401] CoTaskMemAlloc (cb=0x20c) returned 0x5a42f8 [0143.401] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x5a42f8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0143.404] CoTaskMemFree (pv=0x5a42f8) [0143.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x3fe578, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0143.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", nBufferLength=0x105, lpBuffer=0x3fe610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file", lpFilePart=0x0) returned 0x30 [0143.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea70) returned 1 [0143.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bytes.file" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bytes.file"), fInfoLevelId=0x0, lpFileInformation=0x3feaec | out: lpFileInformation=0x3feaec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0143.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fea6c) returned 1 [0143.438] GetCurrentProcess () returned 0xffffffff [0143.438] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3feaa4 | out: TokenHandle=0x3feaa4*=0x344) returned 1 [0143.467] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x3feaa4 | out: TokenInformation=0x0, ReturnLength=0x3feaa4) returned 0 [0143.467] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5a2e20 [0143.467] GetTokenInformation (in: TokenHandle=0x344, TokenInformationClass=0x8, TokenInformation=0x5a2e20, TokenInformationLength=0x4, ReturnLength=0x3feaa4 | out: TokenInformation=0x5a2e20, ReturnLength=0x3feaa4) returned 1 [0143.468] LocalFree (hMem=0x5a2e20) returned 0x0 [0143.469] DuplicateTokenEx (in: hExistingToken=0x344, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x3feaac | out: phNewToken=0x3feaac*=0x340) returned 1 [0143.470] CheckTokenMembership (in: TokenHandle=0x340, SidToCheck=0x24c4fa0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x3feabc | out: IsMember=0x3feabc) returned 1 [0143.470] CloseHandle (hObject=0x340) returned 1 [0143.474] GetCurrentProcess () returned 0xffffffff [0143.475] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3feaa4 | out: TokenHandle=0x3feaa4*=0x340) returned 1 [0143.475] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x3feaa4 | out: TokenInformation=0x0, ReturnLength=0x3feaa4) returned 0 [0143.475] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5a2e20 [0143.475] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x5a2e20, TokenInformationLength=0x4, ReturnLength=0x3feaa4 | out: TokenInformation=0x5a2e20, ReturnLength=0x3feaa4) returned 1 [0143.475] LocalFree (hMem=0x5a2e20) returned 0x0 [0143.475] DuplicateTokenEx (in: hExistingToken=0x340, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x3feaac | out: phNewToken=0x3feaac*=0x348) returned 1 [0143.475] CheckTokenMembership (in: TokenHandle=0x348, SidToCheck=0x24c54a4*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x3feabc | out: IsMember=0x3feabc) returned 1 [0143.475] CloseHandle (hObject=0x348) returned 1 [0143.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3fea84 | out: phkResult=0x3fea84*=0x348) returned 0x0 [0143.485] RegQueryValueExW (in: hKey=0x348, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x3feab8, lpData=0x0, lpcbData=0x3feab4*=0x0 | out: lpType=0x3feab8*=0x4, lpData=0x0, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.485] RegQueryValueExW (in: hKey=0x348, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x3feab8, lpData=0x3feaa4, lpcbData=0x3feab4*=0x4 | out: lpType=0x3feab8*=0x4, lpData=0x3feaa4*=0x0, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.486] RegQueryValueExW (in: hKey=0x348, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x3feaa0, lpData=0x0, lpcbData=0x3fea9c*=0x0 | out: lpType=0x3feaa0*=0x4, lpData=0x0, lpcbData=0x3fea9c*=0x4) returned 0x0 [0143.488] RegSetValueExW (in: hKey=0x348, lpValueName="TamperProtection", Reserved=0x0, dwType=0x4, lpData=0x3feabc*=0x0, cbData=0x4 | out: lpData=0x3feabc*=0x0) returned 0x0 [0143.488] RegCloseKey (hKey=0x348) returned 0x0 [0143.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3fea84 | out: phkResult=0x3fea84*=0x348) returned 0x0 [0143.489] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x3feab8, lpData=0x0, lpcbData=0x3feab4*=0x0 | out: lpType=0x3feab8*=0x4, lpData=0x0, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.489] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x3feab8, lpData=0x3feaa4, lpcbData=0x3feab4*=0x4 | out: lpType=0x3feab8*=0x4, lpData=0x3feaa4*=0x1, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.489] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x3feaa0, lpData=0x0, lpcbData=0x3fea9c*=0x0 | out: lpType=0x3feaa0*=0x4, lpData=0x0, lpcbData=0x3fea9c*=0x4) returned 0x0 [0143.489] RegSetValueExW (in: hKey=0x348, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x3feabc*=0x1, cbData=0x4 | out: lpData=0x3feabc*=0x1) returned 0x0 [0143.489] RegCloseKey (hKey=0x348) returned 0x0 [0143.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3fea84 | out: phkResult=0x3fea84*=0x348) returned 0x0 [0143.489] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x3feab8, lpData=0x0, lpcbData=0x3feab4*=0x0 | out: lpType=0x3feab8*=0x4, lpData=0x0, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.489] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x3feab8, lpData=0x3feaa4, lpcbData=0x3feab4*=0x4 | out: lpType=0x3feab8*=0x4, lpData=0x3feaa4*=0x1, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.489] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x3feaa0, lpData=0x0, lpcbData=0x3fea9c*=0x0 | out: lpType=0x3feaa0*=0x4, lpData=0x0, lpcbData=0x3fea9c*=0x4) returned 0x0 [0143.489] RegSetValueExW (in: hKey=0x348, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x3feabc*=0x1, cbData=0x4 | out: lpData=0x3feabc*=0x1) returned 0x0 [0143.489] RegCloseKey (hKey=0x348) returned 0x0 [0143.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3fea84 | out: phkResult=0x3fea84*=0x348) returned 0x0 [0143.490] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x3feab8, lpData=0x0, lpcbData=0x3feab4*=0x0 | out: lpType=0x3feab8*=0x4, lpData=0x0, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.490] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x3feab8, lpData=0x3feaa4, lpcbData=0x3feab4*=0x4 | out: lpType=0x3feab8*=0x4, lpData=0x3feaa4*=0x1, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.490] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x3feaa0, lpData=0x0, lpcbData=0x3fea9c*=0x0 | out: lpType=0x3feaa0*=0x4, lpData=0x0, lpcbData=0x3fea9c*=0x4) returned 0x0 [0143.490] RegSetValueExW (in: hKey=0x348, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x3feabc*=0x1, cbData=0x4 | out: lpData=0x3feabc*=0x1) returned 0x0 [0143.490] RegCloseKey (hKey=0x348) returned 0x0 [0143.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x3fea84 | out: phkResult=0x3fea84*=0x348) returned 0x0 [0143.490] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x3feab8, lpData=0x0, lpcbData=0x3feab4*=0x0 | out: lpType=0x3feab8*=0x4, lpData=0x0, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.490] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x3feab8, lpData=0x3feaa4, lpcbData=0x3feab4*=0x4 | out: lpType=0x3feab8*=0x4, lpData=0x3feaa4*=0x1, lpcbData=0x3feab4*=0x4) returned 0x0 [0143.490] RegQueryValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x3feaa0, lpData=0x0, lpcbData=0x3fea9c*=0x0 | out: lpType=0x3feaa0*=0x4, lpData=0x0, lpcbData=0x3fea9c*=0x4) returned 0x0 [0143.490] RegSetValueExW (in: hKey=0x348, lpValueName="DisableScanOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x3feabc*=0x1, cbData=0x4 | out: lpData=0x3feabc*=0x1) returned 0x0 [0143.491] RegCloseKey (hKey=0x348) returned 0x0 [0143.545] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0143.546] CreatePipe (in: hReadPipe=0x3fe9c8, hWritePipe=0x3fe9c4, lpPipeAttributes=0x3fe948, nSize=0x0 | out: hReadPipe=0x3fe9c8*=0x34c, hWritePipe=0x3fe9c4*=0x350) returned 1 [0143.546] GetCurrentProcess () returned 0xffffffff [0143.546] GetCurrentProcess () returned 0xffffffff [0143.547] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x34c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3fe9cc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3fe9cc*=0x354) returned 1 [0143.547] CloseHandle (hObject=0x34c) returned 1 [0143.547] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0143.547] CoTaskMemAlloc (cb=0x20e) returned 0x5a4af0 [0143.547] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x5a4af0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0143.548] CoTaskMemFree (pv=0x5a4af0) [0143.549] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x3fe904*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x350, hStdError=0x0), lpProcessInformation=0x24c6e5c | out: lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessInformation=0x24c6e5c*(hProcess=0x358, hThread=0x34c, dwProcessId=0x358, dwThreadId=0x5e4)) returned 1 [0143.567] CloseHandle (hObject=0x350) returned 1 [0143.755] GetFileType (hFile=0x354) returned 0x3 [0143.757] CloseHandle (hObject=0x34c) returned 1 [0143.762] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x4f, lpOverlapped=0x0) returned 1 [0160.686] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.695] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x4f, lpOverlapped=0x0) returned 1 [0160.719] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.730] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x3e, lpOverlapped=0x0) returned 1 [0160.751] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.760] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x11, lpOverlapped=0x0) returned 1 [0160.781] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.791] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x21, lpOverlapped=0x0) returned 1 [0160.814] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.824] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x4f, lpOverlapped=0x0) returned 1 [0160.845] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.856] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x19, lpOverlapped=0x0) returned 1 [0160.891] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.905] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x36, lpOverlapped=0x0) returned 1 [0160.939] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0160.953] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea84*=0x1, lpOverlapped=0x0) returned 1 [0160.986] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea74, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54*, lpNumberOfBytesRead=0x3fea74*=0x1, lpOverlapped=0x0) returned 1 [0161.002] ReadFile (in: hFile=0x354, lpBuffer=0x24c7a54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fea84, lpOverlapped=0x0 | out: lpBuffer=0x24c7a54, lpNumberOfBytesRead=0x3fea84*=0x0, lpOverlapped=0x0) returned 0 [0161.396] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3fe5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0161.396] GetFullPathNameW (in: lpFileName="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", nBufferLength=0x105, lpBuffer=0x3fe5b8, lpFilePart=0x0 | out: lpBuffer="C:\\5p5NrGJn0jS HALPmcxz\\Rznd123\\local.exe", lpFilePart=0x0) returned 0x29 [0161.397] GetCurrentProcessId () returned 0x670 [0161.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x670) returned 0x1e4 [0161.407] EnumProcessModules (in: hProcess=0x1e4, lphModule=0x24cd404, cb=0x100, lpcbNeeded=0x3fea80 | out: lphModule=0x24cd404, lpcbNeeded=0x3fea80) returned 1 [0161.408] GetModuleInformation (in: hProcess=0x1e4, hModule=0xb10000, lpmodinfo=0x24cd544, cb=0xc | out: lpmodinfo=0x24cd544*(lpBaseOfDll=0xb10000, SizeOfImage=0x1a000, EntryPoint=0xb240fe)) returned 1 [0161.409] CoTaskMemAlloc (cb=0x804) returned 0x542570 [0161.409] GetModuleBaseNameW (in: hProcess=0x1e4, hModule=0xb10000, lpBaseName=0x542570, nSize=0x800 | out: lpBaseName="WinUpdt.exe") returned 0xb [0161.409] CoTaskMemFree (pv=0x542570) [0161.409] CoTaskMemAlloc (cb=0x804) returned 0x542570 [0161.409] GetModuleFileNameExW (in: hProcess=0x1e4, hModule=0xb10000, lpFilename=0x542570, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe")) returned 0x39 [0161.410] CoTaskMemFree (pv=0x542570) [0161.410] CloseHandle (hObject=0x1e4) returned 1 [0161.410] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", nBufferLength=0x105, lpBuffer=0x3fe53c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe", lpFilePart=0x0) returned 0x39 [0161.411] GetCurrentProcess () returned 0xffffffff [0161.411] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3feaa4 | out: TokenHandle=0x3feaa4*=0x1e4) returned 1 [0161.411] GetTokenInformation (in: TokenHandle=0x1e4, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x3feaa4 | out: TokenInformation=0x0, ReturnLength=0x3feaa4) returned 0 [0161.411] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5a2e20 [0161.411] GetTokenInformation (in: TokenHandle=0x1e4, TokenInformationClass=0x8, TokenInformation=0x5a2e20, TokenInformationLength=0x4, ReturnLength=0x3feaa4 | out: TokenInformation=0x5a2e20, ReturnLength=0x3feaa4) returned 1 [0161.411] LocalFree (hMem=0x5a2e20) returned 0x0 [0161.412] DuplicateTokenEx (in: hExistingToken=0x1e4, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x3feaac | out: phNewToken=0x3feaac*=0x1e0) returned 1 [0161.412] CheckTokenMembership (in: TokenHandle=0x1e0, SidToCheck=0x24cfb28*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x3feabc | out: IsMember=0x3feabc) returned 1 [0161.412] CloseHandle (hObject=0x1e0) returned 1 [0161.430] GetCurrentProcess () returned 0xffffffff [0161.430] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x3feaec | out: TokenHandle=0x3feaec*=0x1e0) returned 1 [0161.430] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x3feae4 | out: lpLuid=0x3feae4*(LowPart=0x14, HighPart=0)) returned 1 [0161.431] AdjustTokenPrivileges (in: TokenHandle=0x1e0, DisableAllPrivileges=0, NewState=0x24cfcf0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0161.432] CloseHandle (hObject=0x1e0) returned 1 [0161.520] RtlSetProcessIsCritical (in: NewValue=1, OldValue=0x0, IsWinlogon=0 | out: OldValue=0x0) [0161.765] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x3fe40c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0161.765] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x3fe3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0161.947] GetCurrentProcess () returned 0xffffffff [0161.947] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe760 | out: TokenHandle=0x3fe760*=0x1e0) returned 1 [0161.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x3fe240, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0161.952] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3fe760 | out: lpFileInformation=0x3fe760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0161.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3fe20c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0161.954] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3fe760 | out: lpFileInformation=0x3fe760*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0161.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3fe198, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0161.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe68c) returned 1 [0161.955] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1dc [0161.955] GetFileType (hFile=0x1dc) returned 0x1 [0161.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe688) returned 1 [0161.955] GetFileType (hFile=0x1dc) returned 0x1 [0161.982] GetFileSize (in: hFile=0x1dc, lpFileSizeHigh=0x3fe754 | out: lpFileSizeHigh=0x3fe754*=0x0) returned 0x8c8f [0161.982] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe710, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe710*=0x1000, lpOverlapped=0x0) returned 1 [0161.997] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe5ac, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe5ac*=0x1000, lpOverlapped=0x0) returned 1 [0162.003] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe460, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe460*=0x1000, lpOverlapped=0x0) returned 1 [0162.004] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe460, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe460*=0x1000, lpOverlapped=0x0) returned 1 [0162.004] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe460, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe460*=0x1000, lpOverlapped=0x0) returned 1 [0162.005] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe398, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe398*=0x1000, lpOverlapped=0x0) returned 1 [0162.012] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe514, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe514*=0x1000, lpOverlapped=0x0) returned 1 [0162.014] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe428, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe428*=0x1000, lpOverlapped=0x0) returned 1 [0162.014] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe428, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe428*=0xc8f, lpOverlapped=0x0) returned 1 [0162.014] ReadFile (in: hFile=0x1dc, lpBuffer=0x24d3894, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe4e8, lpOverlapped=0x0 | out: lpBuffer=0x24d3894*, lpNumberOfBytesRead=0x3fe4e8*=0x0, lpOverlapped=0x0) returned 1 [0162.014] CloseHandle (hObject=0x1dc) returned 1 [0162.016] GetCurrentProcess () returned 0xffffffff [0162.016] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe894 | out: TokenHandle=0x3fe894*=0x1dc) returned 1 [0162.016] GetCurrentProcess () returned 0xffffffff [0162.017] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe894 | out: TokenHandle=0x3fe894*=0x1d8) returned 1 [0162.017] GetCurrentProcess () returned 0xffffffff [0162.017] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe760 | out: TokenHandle=0x3fe760*=0x1e8) returned 1 [0162.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3fe760 | out: lpFileInformation=0x3fe760*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", nBufferLength=0x105, lpBuffer=0x3fe20c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config", lpFilePart=0x0) returned 0x40 [0162.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WinUpdt.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\winupdt.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3fe760 | out: lpFileInformation=0x3fe760*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.019] GetCurrentProcess () returned 0xffffffff [0162.019] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe894 | out: TokenHandle=0x3fe894*=0x34c) returned 1 [0162.019] GetCurrentProcess () returned 0xffffffff [0162.019] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe894 | out: TokenHandle=0x3fe894*=0x360) returned 1 [0162.032] GetCurrentProcess () returned 0xffffffff [0162.032] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe65c | out: TokenHandle=0x3fe65c*=0x35c) returned 1 [0162.055] GetCurrentProcess () returned 0xffffffff [0162.055] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe66c | out: TokenHandle=0x3fe66c*=0x364) returned 1 [0162.066] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x368 [0162.066] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c [0162.071] GetCurrentProcess () returned 0xffffffff [0162.071] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe654 | out: TokenHandle=0x3fe654*=0x370) returned 1 [0162.074] GetCurrentProcess () returned 0xffffffff [0162.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe664 | out: TokenHandle=0x3fe664*=0x374) returned 1 [0162.077] QueryPerformanceFrequency (in: lpFrequency=0x126b80 | out: lpFrequency=0x126b80*=100000000) returned 1 [0162.077] QueryPerformanceCounter (in: lpPerformanceCount=0x3fea68 | out: lpPerformanceCount=0x3fea68*=10399245864) returned 1 [0162.082] GetCurrentProcess () returned 0xffffffff [0162.082] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe620 | out: TokenHandle=0x3fe620*=0x378) returned 1 [0162.086] GetCurrentProcess () returned 0xffffffff [0162.086] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe630 | out: TokenHandle=0x3fe630*=0x37c) returned 1 [0162.101] GetCurrentProcess () returned 0xffffffff [0162.102] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe634 | out: TokenHandle=0x3fe634*=0x380) returned 1 [0162.104] GetCurrentProcess () returned 0xffffffff [0162.104] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe644 | out: TokenHandle=0x3fe644*=0x384) returned 1 [0162.110] GetCurrentProcess () returned 0xffffffff [0162.110] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe950 | out: TokenHandle=0x3fe950*=0x388) returned 1 [0162.122] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fda9c | out: phkResult=0x3fda9c*=0x38c) returned 0x0 [0162.123] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3fdabc, lpData=0x0, lpcbData=0x3fdab8*=0x0 | out: lpType=0x3fdabc*=0x1, lpData=0x0, lpcbData=0x3fdab8*=0xe) returned 0x0 [0162.123] RegQueryValueExW (in: hKey=0x38c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3fdabc, lpData=0x24f5688, lpcbData=0x3fdab8*=0xe | out: lpType=0x3fdabc*=0x1, lpData="Client", lpcbData=0x3fdab8*=0xe) returned 0x0 [0162.123] RegCloseKey (hKey=0x38c) returned 0x0 [0162.653] CoTaskMemAlloc (cb=0xcc0) returned 0x5ab128 [0162.653] RasEnumConnectionsW (in: param_1=0x5ab128, param_2=0x3fe960, param_3=0x3fe964 | out: param_1=0x5ab128, param_2=0x3fe960, param_3=0x3fe964) returned 0x0 [0162.900] CoTaskMemFree (pv=0x5ab128) [0162.905] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x3fe748 | out: lpWSAData=0x3fe748) returned 0 [0162.913] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3cc [0163.322] setsockopt (s=0x3cc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0163.322] closesocket (s=0x3cc) returned 0 [0163.323] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3cc [0163.401] setsockopt (s=0x3cc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0163.401] closesocket (s=0x3cc) returned 0 [0163.401] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3cc [0163.402] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0163.402] ioctlsocket (in: s=0x3cc, cmd=-2147195266, argp=0x3fe968 | out: argp=0x3fe968) returned 0 [0163.402] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3d4 [0163.403] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d8 [0163.403] ioctlsocket (in: s=0x3d4, cmd=-2147195266, argp=0x3fe968 | out: argp=0x3fe968) returned 0 [0163.403] WSAIoctl (in: s=0x3cc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3fe950, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3fe950, lpOverlapped=0x0) returned -1 [0163.404] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3fe680, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0163.407] WSAEventSelect (s=0x3cc, hEventObject=0x3d0, lNetworkEvents=512) returned 0 [0163.407] WSAIoctl (in: s=0x3d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3fe950, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3fe950, lpOverlapped=0x0) returned -1 [0163.407] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3fe680, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0163.407] WSAEventSelect (s=0x3d4, hEventObject=0x3d8, lNetworkEvents=512) returned 0 [0163.407] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e0 [0163.408] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x3e0, param_3=0x3) returned 0x0 [0163.413] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x3fe97c | out: phkResult=0x3fe97c*=0x3f8) returned 0x0 [0163.414] RegOpenKeyExW (in: hKey=0x3f8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe92c | out: phkResult=0x3fe92c*=0x3fc) returned 0x0 [0163.414] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x404 [0163.414] RegNotifyChangeKeyValue (hKey=0x3fc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x404, fAsynchronous=1) returned 0x0 [0163.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe930 | out: phkResult=0x3fe930*=0x408) returned 0x0 [0163.415] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40c [0163.415] RegNotifyChangeKeyValue (hKey=0x408, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x40c, fAsynchronous=1) returned 0x0 [0163.415] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe930 | out: phkResult=0x3fe930*=0x410) returned 0x0 [0163.416] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414 [0163.416] RegNotifyChangeKeyValue (hKey=0x410, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x414, fAsynchronous=1) returned 0x0 [0163.416] GetCurrentProcess () returned 0xffffffff [0163.416] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe924 | out: TokenHandle=0x3fe924*=0x418) returned 1 [0163.418] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe230 | out: phkResult=0x3fe230*=0x41c) returned 0x0 [0163.418] RegQueryValueExW (in: hKey=0x41c, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x3fe24c, lpData=0x0, lpcbData=0x3fe248*=0x0 | out: lpType=0x3fe24c*=0x0, lpData=0x0, lpcbData=0x3fe248*=0x0) returned 0x2 [0163.418] RegCloseKey (hKey=0x41c) returned 0x0 [0164.068] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x543380 [0164.239] WinHttpSetTimeouts (hInternet=0x543380, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0164.239] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x3fe930 | out: pProxyConfig=0x3fe930) returned 1 [0165.054] CoTaskMemAlloc (cb=0x20e) returned 0x5c8d28 [0165.054] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x5c8d28, nSize=0x105 | out: lpBuffer="᧨\\㠠Z") returned 0x0 [0165.054] CoTaskMemFree (pv=0x5c8d28) [0165.054] CoTaskMemAlloc (cb=0x20e) returned 0x5c8d28 [0165.054] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x5c8d28, nSize=0x105 | out: lpBuffer="᧨\\㠠Z") returned 0x0 [0165.054] CoTaskMemFree (pv=0x5c8d28) [0165.056] EtwEventRegister () returned 0x0 [0165.094] GetCurrentProcess () returned 0xffffffff [0165.094] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe5fc | out: TokenHandle=0x3fe5fc*=0x454) returned 1 [0165.096] GetCurrentProcess () returned 0xffffffff [0165.097] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe60c | out: TokenHandle=0x3fe60c*=0x464) returned 1 [0165.102] SetEvent (hEvent=0x368) returned 1 [0165.110] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3fe87c*=0x3e0, lpdwindex=0x3fe69c | out: lpdwindex=0x3fe69c) returned 0x80010115 [0165.112] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3fe85c*=0x3d0, lpdwindex=0x3fe67c | out: lpdwindex=0x3fe67c) returned 0x80010115 [0165.113] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3fe85c*=0x3d8, lpdwindex=0x3fe67c | out: lpdwindex=0x3fe67c) returned 0x80010115 [0165.113] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3fe8b0*=0x404, lpdwindex=0x3fe6cc | out: lpdwindex=0x3fe6cc) returned 0x80010115 [0165.113] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3fe8b0*=0x40c, lpdwindex=0x3fe6cc | out: lpdwindex=0x3fe6cc) returned 0x80010115 [0165.113] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3fe8b0*=0x414, lpdwindex=0x3fe6cc | out: lpdwindex=0x3fe6cc) returned 0x80010115 [0165.114] WinHttpGetProxyForUrl (in: hSession=0x543380, lpcwszUrl="http://icanhazip.com/", pAutoProxyOptions=0x3fe840, pProxyInfo=0x3fe8b0 | out: pProxyInfo=0x3fe8b0) returned 0 [0167.745] GetCurrentProcess () returned 0xffffffff [0167.745] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe554 | out: TokenHandle=0x3fe554*=0x47c) returned 1 [0167.747] GetCurrentProcess () returned 0xffffffff [0167.747] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3fe564 | out: TokenHandle=0x3fe564*=0x484) returned 1 [0167.749] GetTimeZoneInformation (in: lpTimeZoneInformation=0x3fe764 | out: lpTimeZoneInformation=0x3fe764) returned 0x2 [0167.807] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x3fe5b8 | out: pTimeZoneInformation=0x3fe5b8) returned 0x2 [0167.809] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe69c | out: phkResult=0x3fe69c*=0x488) returned 0x0 [0167.810] RegQueryValueExW (in: hKey=0x488, lpValueName="TZI", lpReserved=0x0, lpType=0x3fe6b8, lpData=0x0, lpcbData=0x3fe6b4*=0x0 | out: lpType=0x3fe6b8*=0x3, lpData=0x0, lpcbData=0x3fe6b4*=0x2c) returned 0x0 [0167.810] RegQueryValueExW (in: hKey=0x488, lpValueName="TZI", lpReserved=0x0, lpType=0x3fe6b8, lpData=0x24fcb54, lpcbData=0x3fe6b4*=0x2c | out: lpType=0x3fe6b8*=0x3, lpData=0x24fcb54*, lpcbData=0x3fe6b4*=0x2c) returned 0x0 [0167.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe4f0 | out: phkResult=0x3fe4f0*=0x48c) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x3fe50c, lpData=0x0, lpcbData=0x3fe508*=0x0 | out: lpType=0x3fe50c*=0x4, lpData=0x0, lpcbData=0x3fe508*=0x4) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="FirstEntry", lpReserved=0x0, lpType=0x3fe50c, lpData=0x3fe4f8, lpcbData=0x3fe508*=0x4 | out: lpType=0x3fe50c*=0x4, lpData=0x3fe4f8*=0x7d7, lpcbData=0x3fe508*=0x4) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="LastEntry", lpReserved=0x0, lpType=0x3fe50c, lpData=0x0, lpcbData=0x3fe508*=0x0 | out: lpType=0x3fe50c*=0x4, lpData=0x0, lpcbData=0x3fe508*=0x4) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="LastEntry", lpReserved=0x0, lpType=0x3fe50c, lpData=0x3fe4f8, lpcbData=0x3fe508*=0x4 | out: lpType=0x3fe50c*=0x4, lpData=0x3fe4f8*=0x7d8, lpcbData=0x3fe508*=0x4) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="2007", lpReserved=0x0, lpType=0x3fe50c, lpData=0x0, lpcbData=0x3fe508*=0x0 | out: lpType=0x3fe50c*=0x3, lpData=0x0, lpcbData=0x3fe508*=0x2c) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="2007", lpReserved=0x0, lpType=0x3fe50c, lpData=0x24fcfe8, lpcbData=0x3fe508*=0x2c | out: lpType=0x3fe50c*=0x3, lpData=0x24fcfe8*, lpcbData=0x3fe508*=0x2c) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="2008", lpReserved=0x0, lpType=0x3fe50c, lpData=0x0, lpcbData=0x3fe508*=0x0 | out: lpType=0x3fe50c*=0x3, lpData=0x0, lpcbData=0x3fe508*=0x2c) returned 0x0 [0167.811] RegQueryValueExW (in: hKey=0x48c, lpValueName="2008", lpReserved=0x0, lpType=0x3fe50c, lpData=0x24fd0a8, lpcbData=0x3fe508*=0x2c | out: lpType=0x3fe50c*=0x3, lpData=0x24fd0a8*, lpcbData=0x3fe508*=0x2c) returned 0x0 [0167.812] RegCloseKey (hKey=0x48c) returned 0x0 [0167.812] RegQueryValueExW (in: hKey=0x488, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3fe690, lpData=0x0, lpcbData=0x3fe68c*=0x0 | out: lpType=0x3fe690*=0x1, lpData=0x0, lpcbData=0x3fe68c*=0x20) returned 0x0 [0167.812] RegQueryValueExW (in: hKey=0x488, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3fe690, lpData=0x24fd1f0, lpcbData=0x3fe68c*=0x20 | out: lpType=0x3fe690*=0x1, lpData="@tzres.dll,-670", lpcbData=0x3fe68c*=0x20) returned 0x0 [0167.813] RegQueryValueExW (in: hKey=0x488, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3fe690, lpData=0x0, lpcbData=0x3fe68c*=0x0 | out: lpType=0x3fe690*=0x1, lpData=0x0, lpcbData=0x3fe68c*=0x20) returned 0x0 [0167.813] RegQueryValueExW (in: hKey=0x488, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3fe690, lpData=0x24fd248, lpcbData=0x3fe68c*=0x20 | out: lpType=0x3fe690*=0x1, lpData="@tzres.dll,-672", lpcbData=0x3fe68c*=0x20) returned 0x0 [0167.813] RegQueryValueExW (in: hKey=0x488, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3fe690, lpData=0x0, lpcbData=0x3fe68c*=0x0 | out: lpType=0x3fe690*=0x1, lpData=0x0, lpcbData=0x3fe68c*=0x20) returned 0x0 [0167.813] RegQueryValueExW (in: hKey=0x488, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3fe690, lpData=0x24fd2a0, lpcbData=0x3fe68c*=0x20 | out: lpType=0x3fe690*=0x1, lpData="@tzres.dll,-671", lpcbData=0x3fe68c*=0x20) returned 0x0 [0167.814] CoTaskMemAlloc (cb=0x20c) returned 0x5c3ac0 [0167.815] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5c3ac0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0167.816] CoTaskMemFree (pv=0x5c3ac0) [0167.816] CoTaskMemAlloc (cb=0x20e) returned 0x5c3ac0 [0167.816] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3fe6ac, pwszFileMUIPath=0x5c3ac0, pcchFileMUIPath=0x3fe6b0, pululEnumerator=0x3fe6a4 | out: pwszLanguage=0x0, pcchLanguage=0x3fe6ac, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3fe6b0, pululEnumerator=0x3fe6a4) returned 1 [0167.821] CoTaskMemFree (pv=0x0) [0167.821] CoTaskMemFree (pv=0x5c3ac0) [0167.822] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x6e0001 [0167.828] CoTaskMemAlloc (cb=0x3ec) returned 0x5c4ea0 [0167.828] LoadStringW (in: hInstance=0x6e0001, uID=0x29e, lpBuffer=0x5c4ea0, cchBufferMax=500 | out: lpBuffer="(UTC+10:00) Canberra, Melbourne, Sydney") returned 0x27 [0167.829] CoTaskMemFree (pv=0x5c4ea0) [0167.829] FreeLibrary (hLibModule=0x6e0001) returned 1 [0167.829] CoTaskMemAlloc (cb=0x20c) returned 0x5c3ac0 [0167.829] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5c3ac0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0167.830] CoTaskMemFree (pv=0x5c3ac0) [0167.830] CoTaskMemAlloc (cb=0x20e) returned 0x5c3ac0 [0167.830] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3fe6ac, pwszFileMUIPath=0x5c3ac0, pcchFileMUIPath=0x3fe6b0, pululEnumerator=0x3fe6a4 | out: pwszLanguage=0x0, pcchLanguage=0x3fe6ac, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3fe6b0, pululEnumerator=0x3fe6a4) returned 1 [0167.830] CoTaskMemFree (pv=0x0) [0167.830] CoTaskMemFree (pv=0x5c3ac0) [0167.830] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x6e0001 [0167.831] CoTaskMemAlloc (cb=0x3ec) returned 0x5c4ea0 [0167.831] LoadStringW (in: hInstance=0x6e0001, uID=0x2a0, lpBuffer=0x5c4ea0, cchBufferMax=500 | out: lpBuffer="AUS Eastern Standard Time") returned 0x19 [0167.831] CoTaskMemFree (pv=0x5c4ea0) [0167.831] FreeLibrary (hLibModule=0x6e0001) returned 1 [0167.832] CoTaskMemAlloc (cb=0x20c) returned 0x5c3ac0 [0167.832] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5c3ac0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0167.832] CoTaskMemFree (pv=0x5c3ac0) [0167.832] CoTaskMemAlloc (cb=0x20e) returned 0x5c3ac0 [0167.832] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3fe6ac, pwszFileMUIPath=0x5c3ac0, pcchFileMUIPath=0x3fe6b0, pululEnumerator=0x3fe6a4 | out: pwszLanguage=0x0, pcchLanguage=0x3fe6ac, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3fe6b0, pululEnumerator=0x3fe6a4) returned 1 [0167.833] CoTaskMemFree (pv=0x0) [0167.833] CoTaskMemFree (pv=0x5c3ac0) [0167.833] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x6e0001 [0167.834] CoTaskMemAlloc (cb=0x3ec) returned 0x5c4ea0 [0167.834] LoadStringW (in: hInstance=0x6e0001, uID=0x29f, lpBuffer=0x5c4ea0, cchBufferMax=500 | out: lpBuffer="AUS Eastern Daylight Time") returned 0x19 [0167.834] CoTaskMemFree (pv=0x5c4ea0) [0167.834] FreeLibrary (hLibModule=0x6e0001) returned 1 [0167.834] RegCloseKey (hKey=0x488) returned 0x0 [0167.835] SetEvent (hEvent=0x368) returned 1 [0167.848] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x3fe8c0 | out: pFixedInfo=0x0, pOutBufLen=0x3fe8c0) returned 0x6f [0168.135] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x5c4ea0 [0168.135] GetNetworkParams (in: pFixedInfo=0x5c4ea0, pOutBufLen=0x3fe8c0 | out: pFixedInfo=0x5c4ea0, pOutBufLen=0x3fe8c0) returned 0x0 [0168.147] LocalFree (hMem=0x5c4ea0) returned 0x0 [0168.148] CoTaskMemAlloc (cb=0x20e) returned 0x5c3ac0 [0168.148] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x5c3ac0, nSize=0x105 | out: lpBuffer="亠\\㺘YC:\\Windows\\system32\\DNSAPI.dll") returned 0x0 [0168.148] CoTaskMemFree (pv=0x5c3ac0) [0168.148] CoTaskMemAlloc (cb=0x20e) returned 0x5c3ac0 [0168.148] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x5c3ac0, nSize=0x105 | out: lpBuffer="亠\\㺘YC:\\Windows\\system32\\DNSAPI.dll") returned 0x0 [0168.148] CoTaskMemFree (pv=0x5c3ac0) [0168.151] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x49c [0168.153] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x498 [0168.154] GetAddrInfoW (in: pNodeName="icanhazip.com", pServiceName=0x0, pHints=0x3fe7b0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x3fe758 | out: ppResult=0x3fe758*=0x8494978*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="icanhazip.com", ai_addr=0x8494a70*(sa_family=2, sin_port=0x0, sin_addr="104.20.16.242"), ai_next=0x84949a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x84949c8*(sa_family=2, sin_port=0x0, sin_addr="104.20.17.242"), ai_next=0x0))) returned 0 [0168.502] FreeAddrInfoW (pAddrInfo=0x8494978*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="icanhazip.com", ai_addr=0x8494a70*(sa_family=2, sin_port=0x0, sin_addr="104.20.16.242"), ai_next=0x84949a0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x84949c8*(sa_family=2, sin_port=0x0, sin_addr="104.20.17.242"), ai_next=0x0))) [0168.556] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4a4 [0168.556] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4ac [0168.557] ioctlsocket (in: s=0x4a4, cmd=-2147195266, argp=0x3fe788 | out: argp=0x3fe788) returned 0 [0168.557] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4b0 [0168.557] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b4 [0168.558] ioctlsocket (in: s=0x4b0, cmd=-2147195266, argp=0x3fe788 | out: argp=0x3fe788) returned 0 [0168.558] WSAIoctl (in: s=0x4a4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3fe770, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3fe770, lpOverlapped=0x0) returned -1 [0168.558] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3fe4a0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0168.558] WSAEventSelect (s=0x4a4, hEventObject=0x4ac, lNetworkEvents=512) returned 0 [0168.558] WSAIoctl (in: s=0x4b0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3fe770, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3fe770, lpOverlapped=0x0) returned -1 [0168.558] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3fe4a0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0168.558] WSAEventSelect (s=0x4b0, hEventObject=0x4b4, lNetworkEvents=512) returned 0 [0168.559] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x3fe76c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x3fe76c*=0xa5c) returned 0x6f [0168.579] LocalAlloc (uFlags=0x0, uBytes=0xa5c) returned 0x5beb40 [0168.579] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x5beb40, SizePointer=0x3fe76c*=0xa5c | out: AdapterAddresses=0x5beb40*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x5bee04, AdapterName="{208C2C2F-ECA0-4B34-8C2D-83B1FBC25E0D}", FirstUnicastAddress=0x5bed78, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) PRO/1000 MT Network Connection #2", FriendlyName="Local Area Connection 2", PhysicalAddress=([0]=0x0, [1]=0x1d, [2]=0x56, [3]=0x60, [4]=0xc1, [5]=0x7f, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000007000000, Dhcpv4Server.lpSockaddr=0x5becb8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x20, [5]=0xc7, [6]=0x5c, [7]=0xa7, [8]=0xc4, [9]=0x3d, [10]=0xc7, [11]=0x58, [12]=0x4a, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x11c43dc7, FirstDnsSuffix=0x0), SizePointer=0x3fe76c*=0xa5c) returned 0x0 [0168.591] LocalFree (hMem=0x5beb40) returned 0x0 [0168.594] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3fe780 | out: phkResult=0x3fe780*=0x4b8) returned 0x0 [0168.594] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x3fe79c, lpData=0x0, lpcbData=0x3fe798*=0x0 | out: lpType=0x3fe79c*=0x0, lpData=0x0, lpcbData=0x3fe798*=0x0) returned 0x2 [0168.594] RegCloseKey (hKey=0x4b8) returned 0x0 [0168.596] WSAConnect (in: s=0x49c, name=0x2508974*(sa_family=2, sin_port=0x50, sin_addr="104.20.16.242"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0168.616] closesocket (s=0x498) returned 0 [0168.622] send (s=0x49c, buf=0x25095f4*, len=63, flags=0) returned 63 [0168.624] setsockopt (s=0x49c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0168.624] recv (in: s=0x49c, buf=0x2504914, len=4096, flags=0 | out: buf=0x2504914*) returned 732 [0168.689] setsockopt (s=0x49c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0168.689] SetEvent (hEvent=0x368) returned 1 [0168.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea08) returned 1 [0168.774] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0168.775] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x105, lpBuffer=0x3fe4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x0) returned 0x28 [0168.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x3fe730 | out: lpFindFileData=0x3fe730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91fdc40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91fdc40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x57bcf8 [0168.783] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91fdc40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91fdc40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.783] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761beb10, ftCreationTime.dwHighDateTime=0x1d58c6e, ftLastAccessTime.dwLowDateTime=0xf41c8f80, ftLastAccessTime.dwHighDateTime=0x1d57998, ftLastWriteTime.dwLowDateTime=0xf41c8f80, ftLastWriteTime.dwHighDateTime=0x1d57998, nFileSizeHigh=0x0, nFileSizeLow=0x7b39, dwReserved0=0x0, dwReserved1=0x0, cFileName="-4KTZQ8c-4L_GN-.xlsx", cAlternateFileName="-4KTZQ~1.XLS")) returned 1 [0168.783] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21e84de0, ftCreationTime.dwHighDateTime=0x1d5e41b, ftLastAccessTime.dwLowDateTime=0xc64b8130, ftLastAccessTime.dwHighDateTime=0x1d5e773, ftLastWriteTime.dwLowDateTime=0xc64b8130, ftLastWriteTime.dwHighDateTime=0x1d5e773, nFileSizeHigh=0x0, nFileSizeLow=0x128e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="5BVnbBQ.doc", cAlternateFileName="")) returned 1 [0168.783] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36b4bde0, ftCreationTime.dwHighDateTime=0x1d5e712, ftLastAccessTime.dwLowDateTime=0x4991f130, ftLastAccessTime.dwHighDateTime=0x1d5dd49, ftLastWriteTime.dwLowDateTime=0x4991f130, ftLastWriteTime.dwHighDateTime=0x1d5dd49, nFileSizeHigh=0x0, nFileSizeLow=0x14dd3, dwReserved0=0x0, dwReserved1=0x0, cFileName="6j_RA.csv", cAlternateFileName="")) returned 1 [0168.783] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f1a4660, ftCreationTime.dwHighDateTime=0x1d5b30a, ftLastAccessTime.dwLowDateTime=0x5212dd80, ftLastAccessTime.dwHighDateTime=0x1d59927, ftLastWriteTime.dwLowDateTime=0x5212dd80, ftLastWriteTime.dwHighDateTime=0x1d59927, nFileSizeHigh=0x0, nFileSizeLow=0x92fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Qln-Obr.pptx", cAlternateFileName="7QLN-O~1.PPT")) returned 1 [0168.784] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1564ff10, ftCreationTime.dwHighDateTime=0x1d5b571, ftLastAccessTime.dwLowDateTime=0x369d0260, ftLastAccessTime.dwHighDateTime=0x1d5de5a, ftLastWriteTime.dwLowDateTime=0x369d0260, ftLastWriteTime.dwHighDateTime=0x1d5de5a, nFileSizeHigh=0x0, nFileSizeLow=0x12320, dwReserved0=0x0, dwReserved1=0x0, cFileName="99gL.pptx", cAlternateFileName="99GL~1.PPT")) returned 1 [0168.784] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x151ea8a0, ftCreationTime.dwHighDateTime=0x1d57b18, ftLastAccessTime.dwLowDateTime=0x1b6e86e0, ftLastAccessTime.dwHighDateTime=0x1d5c02c, ftLastWriteTime.dwLowDateTime=0x1b6e86e0, ftLastWriteTime.dwHighDateTime=0x1d5c02c, nFileSizeHigh=0x0, nFileSizeLow=0x12059, dwReserved0=0x0, dwReserved1=0x0, cFileName="d4AuH3B.docx", cAlternateFileName="D4AUH3~1.DOC")) returned 1 [0168.784] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0168.784] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95e8b0c0, ftCreationTime.dwHighDateTime=0x1d5e319, ftLastAccessTime.dwLowDateTime=0xd027a4d0, ftLastAccessTime.dwHighDateTime=0x1d5e2d8, ftLastWriteTime.dwLowDateTime=0xd027a4d0, ftLastWriteTime.dwHighDateTime=0x1d5e2d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fD6D", cAlternateFileName="")) returned 1 [0168.784] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a04e110, ftCreationTime.dwHighDateTime=0x1d5aa34, ftLastAccessTime.dwLowDateTime=0x946de260, ftLastAccessTime.dwHighDateTime=0x1d5a043, ftLastWriteTime.dwLowDateTime=0x946de260, ftLastWriteTime.dwHighDateTime=0x1d5a043, nFileSizeHigh=0x0, nFileSizeLow=0x9268, dwReserved0=0x0, dwReserved1=0x0, cFileName="G2VYNULlRp1dGEM.pptx", cAlternateFileName="G2VYNU~1.PPT")) returned 1 [0168.784] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa9a610, ftCreationTime.dwHighDateTime=0x1d5d282, ftLastAccessTime.dwLowDateTime=0x756b310, ftLastAccessTime.dwHighDateTime=0x1d580eb, ftLastWriteTime.dwLowDateTime=0x756b310, ftLastWriteTime.dwHighDateTime=0x1d580eb, nFileSizeHigh=0x0, nFileSizeLow=0x13df5, dwReserved0=0x0, dwReserved1=0x0, cFileName="g6fYp_Iq2J0.docx", cAlternateFileName="G6FYP_~1.DOC")) returned 1 [0168.784] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb5bcf0, ftCreationTime.dwHighDateTime=0x1d5b8a0, ftLastAccessTime.dwLowDateTime=0x2d928110, ftLastAccessTime.dwHighDateTime=0x1d56b1c, ftLastWriteTime.dwLowDateTime=0x2d928110, ftLastWriteTime.dwHighDateTime=0x1d56b1c, nFileSizeHigh=0x0, nFileSizeLow=0x15ae5, dwReserved0=0x0, dwReserved1=0x0, cFileName="JvdtKAy8y.pptx", cAlternateFileName="JVDTKA~1.PPT")) returned 1 [0168.785] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27af7c80, ftCreationTime.dwHighDateTime=0x1d5dfe3, ftLastAccessTime.dwLowDateTime=0xf11546c0, ftLastAccessTime.dwHighDateTime=0x1d5dd60, ftLastWriteTime.dwLowDateTime=0xf11546c0, ftLastWriteTime.dwHighDateTime=0x1d5dd60, nFileSizeHigh=0x0, nFileSizeLow=0xb80e, dwReserved0=0x0, dwReserved1=0x0, cFileName="KNGyRf7.rtf", cAlternateFileName="")) returned 1 [0168.785] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb079950, ftCreationTime.dwHighDateTime=0x1d5778b, ftLastAccessTime.dwLowDateTime=0xa1cce870, ftLastAccessTime.dwHighDateTime=0x1d5a9d0, ftLastWriteTime.dwLowDateTime=0xa1cce870, ftLastWriteTime.dwHighDateTime=0x1d5a9d0, nFileSizeHigh=0x0, nFileSizeLow=0x42e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MI100KI06dECQ-OFr.docx", cAlternateFileName="MI100K~1.DOC")) returned 1 [0168.785] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5f61f20, ftCreationTime.dwHighDateTime=0x1d5dfdb, ftLastAccessTime.dwLowDateTime=0x5db5e440, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x5db5e440, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MqiJ9nf_bQCiklH", cAlternateFileName="MQIJ9N~1")) returned 1 [0168.785] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0168.785] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0168.785] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0168.786] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0168.786] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bd18320, ftCreationTime.dwHighDateTime=0x1d5e547, ftLastAccessTime.dwLowDateTime=0x6039a4c0, ftLastAccessTime.dwHighDateTime=0x1d587f7, ftLastWriteTime.dwLowDateTime=0x6039a4c0, ftLastWriteTime.dwHighDateTime=0x1d587f7, nFileSizeHigh=0x0, nFileSizeLow=0xcaa4, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="N-RC1ehvHIL.pptx", cAlternateFileName="N-RC1E~1.PPT")) returned 1 [0168.786] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc68589e0, ftCreationTime.dwHighDateTime=0x1d5e2c6, ftLastAccessTime.dwLowDateTime=0x59d6a790, ftLastAccessTime.dwHighDateTime=0x1d55fca, ftLastWriteTime.dwLowDateTime=0x59d6a790, ftLastWriteTime.dwHighDateTime=0x1d55fca, nFileSizeHigh=0x0, nFileSizeLow=0xab87, dwReserved0=0x0, dwReserved1=0x0, cFileName="OPneRizEsCfw.xlsx", cAlternateFileName="OPNERI~1.XLS")) returned 1 [0168.786] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0168.786] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf019c510, ftCreationTime.dwHighDateTime=0x1d55d82, ftLastAccessTime.dwLowDateTime=0x8ecfe920, ftLastAccessTime.dwHighDateTime=0x1d5613c, ftLastWriteTime.dwLowDateTime=0x8ecfe920, ftLastWriteTime.dwHighDateTime=0x1d5613c, nFileSizeHigh=0x0, nFileSizeLow=0xeefe, dwReserved0=0x0, dwReserved1=0x0, cFileName="sJW8oaoLJG3YP34WrevM.xlsx", cAlternateFileName="SJW8OA~1.XLS")) returned 1 [0168.786] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde0824e0, ftCreationTime.dwHighDateTime=0x1d5764e, ftLastAccessTime.dwLowDateTime=0x738f83b0, ftLastAccessTime.dwHighDateTime=0x1d59499, ftLastWriteTime.dwLowDateTime=0x738f83b0, ftLastWriteTime.dwHighDateTime=0x1d59499, nFileSizeHigh=0x0, nFileSizeLow=0xd362, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vc5FB54HT.xlsx", cAlternateFileName="VC5FB5~1.XLS")) returned 1 [0168.786] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15c2aeb0, ftCreationTime.dwHighDateTime=0x1d59791, ftLastAccessTime.dwLowDateTime=0x2be1940, ftLastAccessTime.dwHighDateTime=0x1d5906f, ftLastWriteTime.dwLowDateTime=0x2be1940, ftLastWriteTime.dwHighDateTime=0x1d5906f, nFileSizeHigh=0x0, nFileSizeLow=0xb2f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="vq0DOQYbOerhfDd_sZsV.docx", cAlternateFileName="VQ0DOQ~1.DOC")) returned 1 [0168.787] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x518a84b0, ftCreationTime.dwHighDateTime=0x1d5e5c8, ftLastAccessTime.dwLowDateTime=0x33c31260, ftLastAccessTime.dwHighDateTime=0x1d5e7a5, ftLastWriteTime.dwLowDateTime=0x33c31260, ftLastWriteTime.dwHighDateTime=0x1d5e7a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ygHeErUigNgnJVNED2H", cAlternateFileName="YGHEER~1")) returned 1 [0168.787] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa77775d0, ftCreationTime.dwHighDateTime=0x1d58403, ftLastAccessTime.dwLowDateTime=0xc8fa5730, ftLastAccessTime.dwHighDateTime=0x1d57338, ftLastWriteTime.dwLowDateTime=0xc8fa5730, ftLastWriteTime.dwHighDateTime=0x1d57338, nFileSizeHigh=0x0, nFileSizeLow=0x932c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zck2UsisaP9Cfi.xlsx", cAlternateFileName="ZCK2US~1.XLS")) returned 1 [0168.787] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d0cb620, ftCreationTime.dwHighDateTime=0x1d5b0b3, ftLastAccessTime.dwLowDateTime=0x6d863250, ftLastAccessTime.dwHighDateTime=0x1d5e3d8, ftLastWriteTime.dwLowDateTime=0x6d863250, ftLastWriteTime.dwHighDateTime=0x1d5e3d8, nFileSizeHigh=0x0, nFileSizeLow=0x31ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZVcK2BPc6fQ1Q7V.docx", cAlternateFileName="ZVCK2B~1.DOC")) returned 1 [0168.787] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0168.787] FindClose (in: hFindFile=0x57bcf8 | out: hFindFile=0x57bcf8) returned 1 [0168.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9c8) returned 1 [0168.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9d4) returned 1 [0168.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea08) returned 1 [0168.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0168.788] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", nBufferLength=0x105, lpBuffer=0x3fe4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\", lpFilePart=0x0) returned 0x28 [0168.788] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x3fe730 | out: lpFindFileData=0x3fe730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91fdc40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91fdc40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x57bcf8 [0168.788] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91fdc40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91fdc40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.788] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761beb10, ftCreationTime.dwHighDateTime=0x1d58c6e, ftLastAccessTime.dwLowDateTime=0xf41c8f80, ftLastAccessTime.dwHighDateTime=0x1d57998, ftLastWriteTime.dwLowDateTime=0xf41c8f80, ftLastWriteTime.dwHighDateTime=0x1d57998, nFileSizeHigh=0x0, nFileSizeLow=0x7b39, dwReserved0=0x0, dwReserved1=0x0, cFileName="-4KTZQ8c-4L_GN-.xlsx", cAlternateFileName="-4KTZQ~1.XLS")) returned 1 [0168.788] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21e84de0, ftCreationTime.dwHighDateTime=0x1d5e41b, ftLastAccessTime.dwLowDateTime=0xc64b8130, ftLastAccessTime.dwHighDateTime=0x1d5e773, ftLastWriteTime.dwLowDateTime=0xc64b8130, ftLastWriteTime.dwHighDateTime=0x1d5e773, nFileSizeHigh=0x0, nFileSizeLow=0x128e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="5BVnbBQ.doc", cAlternateFileName="")) returned 1 [0168.788] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36b4bde0, ftCreationTime.dwHighDateTime=0x1d5e712, ftLastAccessTime.dwLowDateTime=0x4991f130, ftLastAccessTime.dwHighDateTime=0x1d5dd49, ftLastWriteTime.dwLowDateTime=0x4991f130, ftLastWriteTime.dwHighDateTime=0x1d5dd49, nFileSizeHigh=0x0, nFileSizeLow=0x14dd3, dwReserved0=0x0, dwReserved1=0x0, cFileName="6j_RA.csv", cAlternateFileName="")) returned 1 [0168.789] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f1a4660, ftCreationTime.dwHighDateTime=0x1d5b30a, ftLastAccessTime.dwLowDateTime=0x5212dd80, ftLastAccessTime.dwHighDateTime=0x1d59927, ftLastWriteTime.dwLowDateTime=0x5212dd80, ftLastWriteTime.dwHighDateTime=0x1d59927, nFileSizeHigh=0x0, nFileSizeLow=0x92fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Qln-Obr.pptx", cAlternateFileName="7QLN-O~1.PPT")) returned 1 [0168.789] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1564ff10, ftCreationTime.dwHighDateTime=0x1d5b571, ftLastAccessTime.dwLowDateTime=0x369d0260, ftLastAccessTime.dwHighDateTime=0x1d5de5a, ftLastWriteTime.dwLowDateTime=0x369d0260, ftLastWriteTime.dwHighDateTime=0x1d5de5a, nFileSizeHigh=0x0, nFileSizeLow=0x12320, dwReserved0=0x0, dwReserved1=0x0, cFileName="99gL.pptx", cAlternateFileName="99GL~1.PPT")) returned 1 [0168.789] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x151ea8a0, ftCreationTime.dwHighDateTime=0x1d57b18, ftLastAccessTime.dwLowDateTime=0x1b6e86e0, ftLastAccessTime.dwHighDateTime=0x1d5c02c, ftLastWriteTime.dwLowDateTime=0x1b6e86e0, ftLastWriteTime.dwHighDateTime=0x1d5c02c, nFileSizeHigh=0x0, nFileSizeLow=0x12059, dwReserved0=0x0, dwReserved1=0x0, cFileName="d4AuH3B.docx", cAlternateFileName="D4AUH3~1.DOC")) returned 1 [0168.789] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0168.789] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95e8b0c0, ftCreationTime.dwHighDateTime=0x1d5e319, ftLastAccessTime.dwLowDateTime=0xd027a4d0, ftLastAccessTime.dwHighDateTime=0x1d5e2d8, ftLastWriteTime.dwLowDateTime=0xd027a4d0, ftLastWriteTime.dwHighDateTime=0x1d5e2d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fD6D", cAlternateFileName="")) returned 1 [0168.789] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a04e110, ftCreationTime.dwHighDateTime=0x1d5aa34, ftLastAccessTime.dwLowDateTime=0x946de260, ftLastAccessTime.dwHighDateTime=0x1d5a043, ftLastWriteTime.dwLowDateTime=0x946de260, ftLastWriteTime.dwHighDateTime=0x1d5a043, nFileSizeHigh=0x0, nFileSizeLow=0x9268, dwReserved0=0x0, dwReserved1=0x0, cFileName="G2VYNULlRp1dGEM.pptx", cAlternateFileName="G2VYNU~1.PPT")) returned 1 [0168.790] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa9a610, ftCreationTime.dwHighDateTime=0x1d5d282, ftLastAccessTime.dwLowDateTime=0x756b310, ftLastAccessTime.dwHighDateTime=0x1d580eb, ftLastWriteTime.dwLowDateTime=0x756b310, ftLastWriteTime.dwHighDateTime=0x1d580eb, nFileSizeHigh=0x0, nFileSizeLow=0x13df5, dwReserved0=0x0, dwReserved1=0x0, cFileName="g6fYp_Iq2J0.docx", cAlternateFileName="G6FYP_~1.DOC")) returned 1 [0168.790] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb5bcf0, ftCreationTime.dwHighDateTime=0x1d5b8a0, ftLastAccessTime.dwLowDateTime=0x2d928110, ftLastAccessTime.dwHighDateTime=0x1d56b1c, ftLastWriteTime.dwLowDateTime=0x2d928110, ftLastWriteTime.dwHighDateTime=0x1d56b1c, nFileSizeHigh=0x0, nFileSizeLow=0x15ae5, dwReserved0=0x0, dwReserved1=0x0, cFileName="JvdtKAy8y.pptx", cAlternateFileName="JVDTKA~1.PPT")) returned 1 [0168.790] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27af7c80, ftCreationTime.dwHighDateTime=0x1d5dfe3, ftLastAccessTime.dwLowDateTime=0xf11546c0, ftLastAccessTime.dwHighDateTime=0x1d5dd60, ftLastWriteTime.dwLowDateTime=0xf11546c0, ftLastWriteTime.dwHighDateTime=0x1d5dd60, nFileSizeHigh=0x0, nFileSizeLow=0xb80e, dwReserved0=0x0, dwReserved1=0x0, cFileName="KNGyRf7.rtf", cAlternateFileName="")) returned 1 [0168.790] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb079950, ftCreationTime.dwHighDateTime=0x1d5778b, ftLastAccessTime.dwLowDateTime=0xa1cce870, ftLastAccessTime.dwHighDateTime=0x1d5a9d0, ftLastWriteTime.dwLowDateTime=0xa1cce870, ftLastWriteTime.dwHighDateTime=0x1d5a9d0, nFileSizeHigh=0x0, nFileSizeLow=0x42e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MI100KI06dECQ-OFr.docx", cAlternateFileName="MI100K~1.DOC")) returned 1 [0168.790] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5f61f20, ftCreationTime.dwHighDateTime=0x1d5dfdb, ftLastAccessTime.dwLowDateTime=0x5db5e440, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x5db5e440, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MqiJ9nf_bQCiklH", cAlternateFileName="MQIJ9N~1")) returned 1 [0168.790] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0168.790] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0168.791] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0168.791] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0168.791] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bd18320, ftCreationTime.dwHighDateTime=0x1d5e547, ftLastAccessTime.dwLowDateTime=0x6039a4c0, ftLastAccessTime.dwHighDateTime=0x1d587f7, ftLastWriteTime.dwLowDateTime=0x6039a4c0, ftLastWriteTime.dwHighDateTime=0x1d587f7, nFileSizeHigh=0x0, nFileSizeLow=0xcaa4, dwReserved0=0x0, dwReserved1=0x0, cFileName="N-RC1ehvHIL.pptx", cAlternateFileName="N-RC1E~1.PPT")) returned 1 [0168.792] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc68589e0, ftCreationTime.dwHighDateTime=0x1d5e2c6, ftLastAccessTime.dwLowDateTime=0x59d6a790, ftLastAccessTime.dwHighDateTime=0x1d55fca, ftLastWriteTime.dwLowDateTime=0x59d6a790, ftLastWriteTime.dwHighDateTime=0x1d55fca, nFileSizeHigh=0x0, nFileSizeLow=0xab87, dwReserved0=0x0, dwReserved1=0x0, cFileName="OPneRizEsCfw.xlsx", cAlternateFileName="OPNERI~1.XLS")) returned 1 [0168.792] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0168.792] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf019c510, ftCreationTime.dwHighDateTime=0x1d55d82, ftLastAccessTime.dwLowDateTime=0x8ecfe920, ftLastAccessTime.dwHighDateTime=0x1d5613c, ftLastWriteTime.dwLowDateTime=0x8ecfe920, ftLastWriteTime.dwHighDateTime=0x1d5613c, nFileSizeHigh=0x0, nFileSizeLow=0xeefe, dwReserved0=0x0, dwReserved1=0x0, cFileName="sJW8oaoLJG3YP34WrevM.xlsx", cAlternateFileName="SJW8OA~1.XLS")) returned 1 [0168.792] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde0824e0, ftCreationTime.dwHighDateTime=0x1d5764e, ftLastAccessTime.dwLowDateTime=0x738f83b0, ftLastAccessTime.dwHighDateTime=0x1d59499, ftLastWriteTime.dwLowDateTime=0x738f83b0, ftLastWriteTime.dwHighDateTime=0x1d59499, nFileSizeHigh=0x0, nFileSizeLow=0xd362, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vc5FB54HT.xlsx", cAlternateFileName="VC5FB5~1.XLS")) returned 1 [0168.792] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15c2aeb0, ftCreationTime.dwHighDateTime=0x1d59791, ftLastAccessTime.dwLowDateTime=0x2be1940, ftLastAccessTime.dwHighDateTime=0x1d5906f, ftLastWriteTime.dwLowDateTime=0x2be1940, ftLastWriteTime.dwHighDateTime=0x1d5906f, nFileSizeHigh=0x0, nFileSizeLow=0xb2f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="vq0DOQYbOerhfDd_sZsV.docx", cAlternateFileName="VQ0DOQ~1.DOC")) returned 1 [0168.792] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x518a84b0, ftCreationTime.dwHighDateTime=0x1d5e5c8, ftLastAccessTime.dwLowDateTime=0x33c31260, ftLastAccessTime.dwHighDateTime=0x1d5e7a5, ftLastWriteTime.dwLowDateTime=0x33c31260, ftLastWriteTime.dwHighDateTime=0x1d5e7a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ygHeErUigNgnJVNED2H", cAlternateFileName="YGHEER~1")) returned 1 [0168.793] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa77775d0, ftCreationTime.dwHighDateTime=0x1d58403, ftLastAccessTime.dwLowDateTime=0xc8fa5730, ftLastAccessTime.dwHighDateTime=0x1d57338, ftLastWriteTime.dwLowDateTime=0xc8fa5730, ftLastWriteTime.dwHighDateTime=0x1d57338, nFileSizeHigh=0x0, nFileSizeLow=0x932c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zck2UsisaP9Cfi.xlsx", cAlternateFileName="ZCK2US~1.XLS")) returned 1 [0168.793] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d0cb620, ftCreationTime.dwHighDateTime=0x1d5b0b3, ftLastAccessTime.dwLowDateTime=0x6d863250, ftLastAccessTime.dwHighDateTime=0x1d5e3d8, ftLastWriteTime.dwLowDateTime=0x6d863250, ftLastWriteTime.dwHighDateTime=0x1d5e3d8, nFileSizeHigh=0x0, nFileSizeLow=0x31ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZVcK2BPc6fQ1Q7V.docx", cAlternateFileName="ZVCK2B~1.DOC")) returned 1 [0168.793] FindNextFileW (in: hFindFile=0x57bcf8, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d0cb620, ftCreationTime.dwHighDateTime=0x1d5b0b3, ftLastAccessTime.dwLowDateTime=0x6d863250, ftLastAccessTime.dwHighDateTime=0x1d5e3d8, ftLastWriteTime.dwLowDateTime=0x6d863250, ftLastWriteTime.dwHighDateTime=0x1d5e3d8, nFileSizeHigh=0x0, nFileSizeLow=0x31ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZVcK2BPc6fQ1Q7V.docx", cAlternateFileName="ZVCK2B~1.DOC")) returned 0 [0168.793] FindClose (in: hFindFile=0x57bcf8 | out: hFindFile=0x57bcf8) returned 1 [0168.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9c8) returned 1 [0168.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9d4) returned 1 [0168.814] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx", lpFilePart=0x0) returned 0x3c [0168.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0168.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-4ktzq8c-4l_gn-.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x498 [0168.814] GetFileType (hFile=0x498) returned 0x1 [0168.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0168.814] GetFileType (hFile=0x498) returned 0x1 [0168.814] GetFileSize (in: hFile=0x498, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x7b39 [0168.815] ReadFile (in: hFile=0x498, lpBuffer=0x25131f0, nNumberOfBytesToRead=0x7b39, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x25131f0*, lpNumberOfBytesRead=0x3fe9a4*=0x7b39, lpOverlapped=0x0) returned 1 [0168.816] CloseHandle (hObject=0x498) returned 1 [0168.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3fe3ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0168.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0168.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0168.831] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0168.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0169.033] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x3fe5fc | out: pfEnabled=0x3fe5fc) returned 0x0 [0169.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.287] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx", lpFilePart=0x0) returned 0x3c [0169.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-4ktzq8c-4l_gn-.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0169.288] GetFileType (hFile=0x4cc) returned 0x1 [0169.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.288] GetFileType (hFile=0x4cc) returned 0x1 [0169.289] WriteFile (in: hFile=0x4cc, lpBuffer=0x25b0990*, nNumberOfBytesToWrite=0x7b40, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x25b0990*, lpNumberOfBytesWritten=0x3fe994*=0x7b40, lpOverlapped=0x0) returned 1 [0169.290] CloseHandle (hObject=0x4cc) returned 1 [0169.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx", lpFilePart=0x0) returned 0x3c [0169.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx.encrypted", lpFilePart=0x0) returned 0x46 [0169.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.292] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-4ktzq8c-4l_gn-.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761beb10, ftCreationTime.dwHighDateTime=0x1d58c6e, ftLastAccessTime.dwLowDateTime=0xf41c8f80, ftLastAccessTime.dwHighDateTime=0x1d57998, ftLastWriteTime.dwLowDateTime=0x196ce5a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x7b40)) returned 1 [0169.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.294] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-4ktzq8c-4l_gn-.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-4KTZQ8c-4L_GN-.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-4ktzq8c-4l_gn-.xlsx.encrypted")) returned 1 [0169.297] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc", lpFilePart=0x0) returned 0x33 [0169.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5bvnbbq.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0169.298] GetFileType (hFile=0x4cc) returned 0x1 [0169.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.298] GetFileType (hFile=0x4cc) returned 0x1 [0169.298] GetFileSize (in: hFile=0x4cc, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x128e5 [0169.299] ReadFile (in: hFile=0x4cc, lpBuffer=0x25b89f4, nNumberOfBytesToRead=0x128e5, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x25b89f4*, lpNumberOfBytesRead=0x3fe9a4*=0x128e5, lpOverlapped=0x0) returned 1 [0169.300] CloseHandle (hObject=0x4cc) returned 1 [0169.350] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.350] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc", lpFilePart=0x0) returned 0x33 [0169.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5bvnbbq.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0169.352] GetFileType (hFile=0x4cc) returned 0x1 [0169.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.352] GetFileType (hFile=0x4cc) returned 0x1 [0169.352] WriteFile (in: hFile=0x4cc, lpBuffer=0x263d288*, nNumberOfBytesToWrite=0x128f0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x263d288*, lpNumberOfBytesWritten=0x3fe994*=0x128f0, lpOverlapped=0x0) returned 1 [0169.355] CloseHandle (hObject=0x4cc) returned 1 [0169.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc", lpFilePart=0x0) returned 0x33 [0169.356] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc.encrypted", lpFilePart=0x0) returned 0x3d [0169.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5bvnbbq.doc"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21e84de0, ftCreationTime.dwHighDateTime=0x1d5e41b, ftLastAccessTime.dwLowDateTime=0xc64b8130, ftLastAccessTime.dwHighDateTime=0x1d5e773, ftLastWriteTime.dwLowDateTime=0x19766b20, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x128f0)) returned 1 [0169.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.356] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5bvnbbq.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5BVnbBQ.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5bvnbbq.doc.encrypted")) returned 1 [0169.358] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv", lpFilePart=0x0) returned 0x31 [0169.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6j_ra.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4cc [0169.359] GetFileType (hFile=0x4cc) returned 0x1 [0169.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.359] GetFileType (hFile=0x4cc) returned 0x1 [0169.359] GetFileSize (in: hFile=0x4cc, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x14dd3 [0169.360] ReadFile (in: hFile=0x4cc, lpBuffer=0x3cf0070, nNumberOfBytesToRead=0x14dd3, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x3cf0070*, lpNumberOfBytesRead=0x3fe9a4*=0x14dd3, lpOverlapped=0x0) returned 1 [0169.362] CloseHandle (hObject=0x4cc) returned 1 [0169.428] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv", lpFilePart=0x0) returned 0x31 [0169.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6j_ra.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.430] GetFileType (hFile=0x4d0) returned 0x1 [0169.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.430] GetFileType (hFile=0x4d0) returned 0x1 [0169.430] WriteFile (in: hFile=0x4d0, lpBuffer=0x3d58600*, nNumberOfBytesToWrite=0x14de0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x3d58600*, lpNumberOfBytesWritten=0x3fe994*=0x14de0, lpOverlapped=0x0) returned 1 [0169.432] CloseHandle (hObject=0x4d0) returned 1 [0169.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv", lpFilePart=0x0) returned 0x31 [0169.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv.encrypted", lpFilePart=0x0) returned 0x3b [0169.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6j_ra.csv"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36b4bde0, ftCreationTime.dwHighDateTime=0x1d5e712, ftLastAccessTime.dwLowDateTime=0x4991f130, ftLastAccessTime.dwHighDateTime=0x1d5dd49, ftLastWriteTime.dwLowDateTime=0x19825200, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x14de0)) returned 1 [0169.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.434] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6j_ra.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6j_RA.csv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6j_ra.csv.encrypted")) returned 1 [0169.435] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx", lpFilePart=0x0) returned 0x35 [0169.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7qln-obr.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.436] GetFileType (hFile=0x4d0) returned 0x1 [0169.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.436] GetFileType (hFile=0x4d0) returned 0x1 [0169.436] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x92fe [0169.436] ReadFile (in: hFile=0x4d0, lpBuffer=0x24e36c0, nNumberOfBytesToRead=0x92fe, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x24e36c0*, lpNumberOfBytesRead=0x3fe9a4*=0x92fe, lpOverlapped=0x0) returned 1 [0169.438] CloseHandle (hObject=0x4d0) returned 1 [0169.454] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.454] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.454] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx", lpFilePart=0x0) returned 0x35 [0169.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7qln-obr.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.455] GetFileType (hFile=0x4d0) returned 0x1 [0169.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.455] GetFileType (hFile=0x4d0) returned 0x1 [0169.455] WriteFile (in: hFile=0x4d0, lpBuffer=0x255e4cc*, nNumberOfBytesToWrite=0x9300, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x255e4cc*, lpNumberOfBytesWritten=0x3fe994*=0x9300, lpOverlapped=0x0) returned 1 [0169.457] CloseHandle (hObject=0x4d0) returned 1 [0169.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx", lpFilePart=0x0) returned 0x35 [0169.461] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx.encrypted", lpFilePart=0x0) returned 0x3f [0169.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7qln-obr.pptx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f1a4660, ftCreationTime.dwHighDateTime=0x1d5b30a, ftLastAccessTime.dwLowDateTime=0x5212dd80, ftLastAccessTime.dwHighDateTime=0x1d59927, ftLastWriteTime.dwLowDateTime=0x198714c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x9300)) returned 1 [0169.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.461] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7qln-obr.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Qln-Obr.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7qln-obr.pptx.encrypted")) returned 1 [0169.464] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx", lpFilePart=0x0) returned 0x31 [0169.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\99gl.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.466] GetFileType (hFile=0x4d0) returned 0x1 [0169.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.466] GetFileType (hFile=0x4d0) returned 0x1 [0169.466] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x12320 [0169.466] ReadFile (in: hFile=0x4d0, lpBuffer=0x2567c98, nNumberOfBytesToRead=0x12320, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x2567c98*, lpNumberOfBytesRead=0x3fe9a4*=0x12320, lpOverlapped=0x0) returned 1 [0169.468] CloseHandle (hObject=0x4d0) returned 1 [0169.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.485] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx", lpFilePart=0x0) returned 0x31 [0169.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\99gl.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.486] GetFileType (hFile=0x4d0) returned 0x1 [0169.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.486] GetFileType (hFile=0x4d0) returned 0x1 [0169.486] WriteFile (in: hFile=0x4d0, lpBuffer=0x25eb3e8*, nNumberOfBytesToWrite=0x12330, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x25eb3e8*, lpNumberOfBytesWritten=0x3fe994*=0x12330, lpOverlapped=0x0) returned 1 [0169.488] CloseHandle (hObject=0x4d0) returned 1 [0169.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx", lpFilePart=0x0) returned 0x31 [0169.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx.encrypted", lpFilePart=0x0) returned 0x3b [0169.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\99gl.pptx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1564ff10, ftCreationTime.dwHighDateTime=0x1d5b571, ftLastAccessTime.dwLowDateTime=0x369d0260, ftLastAccessTime.dwHighDateTime=0x1d5de5a, ftLastWriteTime.dwLowDateTime=0x198bd780, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x12330)) returned 1 [0169.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.493] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\99gl.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\99gL.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\99gl.pptx.encrypted")) returned 1 [0169.494] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx", lpFilePart=0x0) returned 0x34 [0169.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4auh3b.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.496] GetFileType (hFile=0x4d0) returned 0x1 [0169.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.496] GetFileType (hFile=0x4d0) returned 0x1 [0169.496] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x12059 [0169.496] ReadFile (in: hFile=0x4d0, lpBuffer=0x25fdbcc, nNumberOfBytesToRead=0x12059, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x25fdbcc*, lpNumberOfBytesRead=0x3fe9a4*=0x12059, lpOverlapped=0x0) returned 1 [0169.498] CloseHandle (hObject=0x4d0) returned 1 [0169.515] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.515] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx", lpFilePart=0x0) returned 0x34 [0169.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4auh3b.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.516] GetFileType (hFile=0x4d0) returned 0x1 [0169.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.516] GetFileType (hFile=0x4d0) returned 0x1 [0169.517] WriteFile (in: hFile=0x4d0, lpBuffer=0x2680ab0*, nNumberOfBytesToWrite=0x12060, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x2680ab0*, lpNumberOfBytesWritten=0x3fe994*=0x12060, lpOverlapped=0x0) returned 1 [0169.519] CloseHandle (hObject=0x4d0) returned 1 [0169.520] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx", lpFilePart=0x0) returned 0x34 [0169.520] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx.encrypted", lpFilePart=0x0) returned 0x3e [0169.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4auh3b.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x151ea8a0, ftCreationTime.dwHighDateTime=0x1d57b18, ftLastAccessTime.dwLowDateTime=0x1b6e86e0, ftLastAccessTime.dwHighDateTime=0x1d5c02c, ftLastWriteTime.dwLowDateTime=0x198e38e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x12060)) returned 1 [0169.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.520] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4auh3b.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\d4AuH3B.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4auh3b.docx.encrypted")) returned 1 [0169.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx", lpFilePart=0x0) returned 0x3c [0169.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g2vynullrp1dgem.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.522] GetFileType (hFile=0x4d0) returned 0x1 [0169.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.523] GetFileType (hFile=0x4d0) returned 0x1 [0169.523] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x9268 [0169.523] ReadFile (in: hFile=0x4d0, lpBuffer=0x2693024, nNumberOfBytesToRead=0x9268, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x2693024*, lpNumberOfBytesRead=0x3fe9a4*=0x9268, lpOverlapped=0x0) returned 1 [0169.525] CloseHandle (hObject=0x4d0) returned 1 [0169.547] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.548] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx", lpFilePart=0x0) returned 0x3c [0169.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g2vynullrp1dgem.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.549] GetFileType (hFile=0x4d0) returned 0x1 [0169.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.549] GetFileType (hFile=0x4d0) returned 0x1 [0169.549] WriteFile (in: hFile=0x4d0, lpBuffer=0x270da00*, nNumberOfBytesToWrite=0x9270, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x270da00*, lpNumberOfBytesWritten=0x3fe994*=0x9270, lpOverlapped=0x0) returned 1 [0169.550] CloseHandle (hObject=0x4d0) returned 1 [0169.554] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx", lpFilePart=0x0) returned 0x3c [0169.554] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx.encrypted", lpFilePart=0x0) returned 0x46 [0169.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g2vynullrp1dgem.pptx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a04e110, ftCreationTime.dwHighDateTime=0x1d5aa34, ftLastAccessTime.dwLowDateTime=0x946de260, ftLastAccessTime.dwHighDateTime=0x1d5a043, ftLastWriteTime.dwLowDateTime=0x19955d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x9270)) returned 1 [0169.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.554] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g2vynullrp1dgem.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\G2VYNULlRp1dGEM.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g2vynullrp1dgem.pptx.encrypted")) returned 1 [0169.557] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx", lpFilePart=0x0) returned 0x38 [0169.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g6fyp_iq2j0.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.557] GetFileType (hFile=0x4d0) returned 0x1 [0169.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.557] GetFileType (hFile=0x4d0) returned 0x1 [0169.557] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x13df5 [0169.558] ReadFile (in: hFile=0x4d0, lpBuffer=0x27171ac, nNumberOfBytesToRead=0x13df5, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x27171ac*, lpNumberOfBytesRead=0x3fe9a4*=0x13df5, lpOverlapped=0x0) returned 1 [0169.573] CloseHandle (hObject=0x4d0) returned 1 [0169.595] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.596] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx", lpFilePart=0x0) returned 0x38 [0169.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g6fyp_iq2j0.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.597] GetFileType (hFile=0x4d0) returned 0x1 [0169.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.597] GetFileType (hFile=0x4d0) returned 0x1 [0169.597] WriteFile (in: hFile=0x4d0, lpBuffer=0x279f970*, nNumberOfBytesToWrite=0x13e00, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x279f970*, lpNumberOfBytesWritten=0x3fe994*=0x13e00, lpOverlapped=0x0) returned 1 [0169.599] CloseHandle (hObject=0x4d0) returned 1 [0169.601] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx", lpFilePart=0x0) returned 0x38 [0169.601] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx.encrypted", lpFilePart=0x0) returned 0x42 [0169.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g6fyp_iq2j0.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa9a610, ftCreationTime.dwHighDateTime=0x1d5d282, ftLastAccessTime.dwLowDateTime=0x756b310, ftLastAccessTime.dwHighDateTime=0x1d580eb, ftLastWriteTime.dwLowDateTime=0x199c8120, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x13e00)) returned 1 [0169.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.601] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g6fyp_iq2j0.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g6fYp_Iq2J0.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g6fyp_iq2j0.docx.encrypted")) returned 1 [0169.602] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx", lpFilePart=0x0) returned 0x36 [0169.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jvdtkay8y.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.603] GetFileType (hFile=0x4d0) returned 0x1 [0169.603] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.603] GetFileType (hFile=0x4d0) returned 0x1 [0169.603] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x15ae5 [0169.604] ReadFile (in: hFile=0x4d0, lpBuffer=0x3ddd720, nNumberOfBytesToRead=0x15ae5, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x3ddd720*, lpNumberOfBytesRead=0x3fe9a4*=0x15ae5, lpOverlapped=0x0) returned 1 [0169.606] CloseHandle (hObject=0x4d0) returned 1 [0169.630] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.630] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx", lpFilePart=0x0) returned 0x36 [0169.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jvdtkay8y.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.631] GetFileType (hFile=0x4d0) returned 0x1 [0169.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.632] GetFileType (hFile=0x4d0) returned 0x1 [0169.632] WriteFile (in: hFile=0x4d0, lpBuffer=0x3e49e08*, nNumberOfBytesToWrite=0x15af0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x3e49e08*, lpNumberOfBytesWritten=0x3fe994*=0x15af0, lpOverlapped=0x0) returned 1 [0169.634] CloseHandle (hObject=0x4d0) returned 1 [0169.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx", lpFilePart=0x0) returned 0x36 [0169.638] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx.encrypted", lpFilePart=0x0) returned 0x40 [0169.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jvdtkay8y.pptx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb5bcf0, ftCreationTime.dwHighDateTime=0x1d5b8a0, ftLastAccessTime.dwLowDateTime=0x2d928110, ftLastAccessTime.dwHighDateTime=0x1d56b1c, ftLastWriteTime.dwLowDateTime=0x19a143e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x15af0)) returned 1 [0169.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.638] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jvdtkay8y.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\JvdtKAy8y.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\jvdtkay8y.pptx.encrypted")) returned 1 [0169.639] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf", lpFilePart=0x0) returned 0x33 [0169.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kngyrf7.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.639] GetFileType (hFile=0x4d0) returned 0x1 [0169.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.639] GetFileType (hFile=0x4d0) returned 0x1 [0169.639] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xb80e [0169.640] ReadFile (in: hFile=0x4d0, lpBuffer=0x2800f20, nNumberOfBytesToRead=0xb80e, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x2800f20*, lpNumberOfBytesRead=0x3fe9a4*=0xb80e, lpOverlapped=0x0) returned 1 [0169.642] CloseHandle (hObject=0x4d0) returned 1 [0169.662] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.662] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf", lpFilePart=0x0) returned 0x33 [0169.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kngyrf7.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.664] GetFileType (hFile=0x4d0) returned 0x1 [0169.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.664] GetFileType (hFile=0x4d0) returned 0x1 [0169.664] WriteFile (in: hFile=0x4d0, lpBuffer=0x2870514*, nNumberOfBytesToWrite=0xb810, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x2870514*, lpNumberOfBytesWritten=0x3fe994*=0xb810, lpOverlapped=0x0) returned 1 [0169.665] CloseHandle (hObject=0x4d0) returned 1 [0169.669] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf", lpFilePart=0x0) returned 0x33 [0169.669] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf.encrypted", lpFilePart=0x0) returned 0x3d [0169.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.669] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kngyrf7.rtf"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27af7c80, ftCreationTime.dwHighDateTime=0x1d5dfe3, ftLastAccessTime.dwLowDateTime=0xf11546c0, ftLastAccessTime.dwHighDateTime=0x1d5dd60, ftLastWriteTime.dwLowDateTime=0x19a606a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xb810)) returned 1 [0169.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.669] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kngyrf7.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\KNGyRf7.rtf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kngyrf7.rtf.encrypted")) returned 1 [0169.671] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx", lpFilePart=0x0) returned 0x3e [0169.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mi100ki06decq-ofr.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.671] GetFileType (hFile=0x4d0) returned 0x1 [0169.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.671] GetFileType (hFile=0x4d0) returned 0x1 [0169.671] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x42e0 [0169.672] ReadFile (in: hFile=0x4d0, lpBuffer=0x287c214, nNumberOfBytesToRead=0x42e0, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x287c214*, lpNumberOfBytesRead=0x3fe9a4*=0x42e0, lpOverlapped=0x0) returned 1 [0169.673] CloseHandle (hObject=0x4d0) returned 1 [0169.690] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.690] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.691] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx", lpFilePart=0x0) returned 0x3e [0169.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mi100ki06decq-ofr.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.692] GetFileType (hFile=0x4d0) returned 0x1 [0169.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.692] GetFileType (hFile=0x4d0) returned 0x1 [0169.692] WriteFile (in: hFile=0x4d0, lpBuffer=0x28dde70*, nNumberOfBytesToWrite=0x42f0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x28dde70*, lpNumberOfBytesWritten=0x3fe994*=0x42f0, lpOverlapped=0x0) returned 1 [0169.693] CloseHandle (hObject=0x4d0) returned 1 [0169.695] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx", lpFilePart=0x0) returned 0x3e [0169.695] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx.encrypted", lpFilePart=0x0) returned 0x48 [0169.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.695] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mi100ki06decq-ofr.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb079950, ftCreationTime.dwHighDateTime=0x1d5778b, ftLastAccessTime.dwLowDateTime=0xa1cce870, ftLastAccessTime.dwHighDateTime=0x1d5a9d0, ftLastWriteTime.dwLowDateTime=0x19aac960, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x42f0)) returned 1 [0169.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mi100ki06decq-ofr.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MI100KI06dECQ-OFr.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mi100ki06decq-ofr.docx.encrypted")) returned 1 [0169.696] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx", lpFilePart=0x0) returned 0x38 [0169.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n-rc1ehvhil.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.697] GetFileType (hFile=0x4d0) returned 0x1 [0169.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.697] GetFileType (hFile=0x4d0) returned 0x1 [0169.697] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xcaa4 [0169.698] ReadFile (in: hFile=0x4d0, lpBuffer=0x28e26b0, nNumberOfBytesToRead=0xcaa4, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x28e26b0*, lpNumberOfBytesRead=0x3fe9a4*=0xcaa4, lpOverlapped=0x0) returned 1 [0169.699] CloseHandle (hObject=0x4d0) returned 1 [0169.718] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.719] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx", lpFilePart=0x0) returned 0x38 [0169.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n-rc1ehvhil.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.720] GetFileType (hFile=0x4d0) returned 0x1 [0169.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.720] GetFileType (hFile=0x4d0) returned 0x1 [0169.720] WriteFile (in: hFile=0x4d0, lpBuffer=0x2955480*, nNumberOfBytesToWrite=0xcab0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x2955480*, lpNumberOfBytesWritten=0x3fe994*=0xcab0, lpOverlapped=0x0) returned 1 [0169.721] CloseHandle (hObject=0x4d0) returned 1 [0169.723] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx", lpFilePart=0x0) returned 0x38 [0169.723] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx.encrypted", lpFilePart=0x0) returned 0x42 [0169.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.723] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n-rc1ehvhil.pptx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bd18320, ftCreationTime.dwHighDateTime=0x1d5e547, ftLastAccessTime.dwLowDateTime=0x6039a4c0, ftLastAccessTime.dwHighDateTime=0x1d587f7, ftLastWriteTime.dwLowDateTime=0x19ad2ac0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xcab0)) returned 1 [0169.723] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.723] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n-rc1ehvhil.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N-RC1ehvHIL.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n-rc1ehvhil.pptx.encrypted")) returned 1 [0169.733] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx", lpFilePart=0x0) returned 0x39 [0169.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opnerizescfw.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.733] GetFileType (hFile=0x4d0) returned 0x1 [0169.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.733] GetFileType (hFile=0x4d0) returned 0x1 [0169.733] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xab87 [0169.734] ReadFile (in: hFile=0x4d0, lpBuffer=0x2962444, nNumberOfBytesToRead=0xab87, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x2962444*, lpNumberOfBytesRead=0x3fe9a4*=0xab87, lpOverlapped=0x0) returned 1 [0169.736] CloseHandle (hObject=0x4d0) returned 1 [0169.757] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.758] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx", lpFilePart=0x0) returned 0x39 [0169.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opnerizescfw.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.759] GetFileType (hFile=0x4d0) returned 0x1 [0169.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.759] GetFileType (hFile=0x4d0) returned 0x1 [0169.759] WriteFile (in: hFile=0x4d0, lpBuffer=0x29cf4b8*, nNumberOfBytesToWrite=0xab90, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x29cf4b8*, lpNumberOfBytesWritten=0x3fe994*=0xab90, lpOverlapped=0x0) returned 1 [0169.760] CloseHandle (hObject=0x4d0) returned 1 [0169.762] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx", lpFilePart=0x0) returned 0x39 [0169.762] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx.encrypted", lpFilePart=0x0) returned 0x43 [0169.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.762] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opnerizescfw.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc68589e0, ftCreationTime.dwHighDateTime=0x1d5e2c6, ftLastAccessTime.dwLowDateTime=0x59d6a790, ftLastAccessTime.dwHighDateTime=0x1d55fca, ftLastWriteTime.dwLowDateTime=0x19b44ee0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xab90)) returned 1 [0169.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.762] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opnerizescfw.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OPneRizEsCfw.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\opnerizescfw.xlsx.encrypted")) returned 1 [0169.763] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx", lpFilePart=0x0) returned 0x41 [0169.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sjw8oaoljg3yp34wrevm.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.764] GetFileType (hFile=0x4d0) returned 0x1 [0169.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.764] GetFileType (hFile=0x4d0) returned 0x1 [0169.764] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xeefe [0169.765] ReadFile (in: hFile=0x4d0, lpBuffer=0x29da57c, nNumberOfBytesToRead=0xeefe, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x29da57c*, lpNumberOfBytesRead=0x3fe9a4*=0xeefe, lpOverlapped=0x0) returned 1 [0169.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx", lpFilePart=0x0) returned 0x41 [0169.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sjw8oaoljg3yp34wrevm.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.816] GetFileType (hFile=0x4d0) returned 0x1 [0169.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.816] GetFileType (hFile=0x4d0) returned 0x1 [0169.816] WriteFile (in: hFile=0x4d0, lpBuffer=0x254b620*, nNumberOfBytesToWrite=0xef00, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x254b620*, lpNumberOfBytesWritten=0x3fe994*=0xef00, lpOverlapped=0x0) returned 1 [0169.819] CloseHandle (hObject=0x4d0) returned 1 [0169.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx", lpFilePart=0x0) returned 0x41 [0169.820] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx.encrypted", lpFilePart=0x0) returned 0x4b [0169.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sjw8oaoljg3yp34wrevm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf019c510, ftCreationTime.dwHighDateTime=0x1d55d82, ftLastAccessTime.dwLowDateTime=0x8ecfe920, ftLastAccessTime.dwHighDateTime=0x1d5613c, ftLastWriteTime.dwLowDateTime=0x19bdd460, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xef00)) returned 1 [0169.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sjw8oaoljg3yp34wrevm.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sJW8oaoLJG3YP34WrevM.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sjw8oaoljg3yp34wrevm.xlsx.encrypted")) returned 1 [0169.821] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx", lpFilePart=0x0) returned 0x36 [0169.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vc5fb54ht.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.822] GetFileType (hFile=0x4d0) returned 0x1 [0169.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.822] GetFileType (hFile=0x4d0) returned 0x1 [0169.822] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xd362 [0169.822] ReadFile (in: hFile=0x4d0, lpBuffer=0x255aa7c, nNumberOfBytesToRead=0xd362, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x255aa7c*, lpNumberOfBytesRead=0x3fe9a4*=0xd362, lpOverlapped=0x0) returned 1 [0169.824] CloseHandle (hObject=0x4d0) returned 1 [0169.840] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.840] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx", lpFilePart=0x0) returned 0x36 [0169.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vc5fb54ht.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.842] GetFileType (hFile=0x4d0) returned 0x1 [0169.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.842] GetFileType (hFile=0x4d0) returned 0x1 [0169.842] WriteFile (in: hFile=0x4d0, lpBuffer=0x25cf3ec*, nNumberOfBytesToWrite=0xd370, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x25cf3ec*, lpNumberOfBytesWritten=0x3fe994*=0xd370, lpOverlapped=0x0) returned 1 [0169.843] CloseHandle (hObject=0x4d0) returned 1 [0169.845] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx", lpFilePart=0x0) returned 0x36 [0169.845] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx.encrypted", lpFilePart=0x0) returned 0x40 [0169.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vc5fb54ht.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde0824e0, ftCreationTime.dwHighDateTime=0x1d5764e, ftLastAccessTime.dwLowDateTime=0x738f83b0, ftLastAccessTime.dwHighDateTime=0x1d59499, ftLastWriteTime.dwLowDateTime=0x19c035c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd370)) returned 1 [0169.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.845] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vc5fb54ht.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Vc5FB54HT.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vc5fb54ht.xlsx.encrypted")) returned 1 [0169.846] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx", lpFilePart=0x0) returned 0x41 [0169.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vq0doqyboerhfdd_szsv.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.847] GetFileType (hFile=0x4d0) returned 0x1 [0169.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.847] GetFileType (hFile=0x4d0) returned 0x1 [0169.847] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xb2f2 [0169.847] ReadFile (in: hFile=0x4d0, lpBuffer=0x25dcc7c, nNumberOfBytesToRead=0xb2f2, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x25dcc7c*, lpNumberOfBytesRead=0x3fe9a4*=0xb2f2, lpOverlapped=0x0) returned 1 [0169.849] CloseHandle (hObject=0x4d0) returned 1 [0169.864] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.865] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx", lpFilePart=0x0) returned 0x41 [0169.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vq0doqyboerhfdd_szsv.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.869] GetFileType (hFile=0x4d0) returned 0x1 [0169.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.869] GetFileType (hFile=0x4d0) returned 0x1 [0169.869] WriteFile (in: hFile=0x4d0, lpBuffer=0x264b340*, nNumberOfBytesToWrite=0xb300, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x264b340*, lpNumberOfBytesWritten=0x3fe994*=0xb300, lpOverlapped=0x0) returned 1 [0169.871] CloseHandle (hObject=0x4d0) returned 1 [0169.872] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx", lpFilePart=0x0) returned 0x41 [0169.872] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx.encrypted", lpFilePart=0x0) returned 0x4b [0169.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.873] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vq0doqyboerhfdd_szsv.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15c2aeb0, ftCreationTime.dwHighDateTime=0x1d59791, ftLastAccessTime.dwLowDateTime=0x2be1940, ftLastAccessTime.dwHighDateTime=0x1d5906f, ftLastWriteTime.dwLowDateTime=0x19c4f880, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xb300)) returned 1 [0169.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.873] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vq0doqyboerhfdd_szsv.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vq0DOQYbOerhfDd_sZsV.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vq0doqyboerhfdd_szsv.docx.encrypted")) returned 1 [0169.874] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx", lpFilePart=0x0) returned 0x3b [0169.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zck2usisap9cfi.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.874] GetFileType (hFile=0x4d0) returned 0x1 [0169.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.874] GetFileType (hFile=0x4d0) returned 0x1 [0169.874] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x932c [0169.874] ReadFile (in: hFile=0x4d0, lpBuffer=0x2656bac, nNumberOfBytesToRead=0x932c, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x2656bac*, lpNumberOfBytesRead=0x3fe9a4*=0x932c, lpOverlapped=0x0) returned 1 [0169.928] CloseHandle (hObject=0x4d0) returned 1 [0169.945] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0169.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0169.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0169.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0169.945] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx", lpFilePart=0x0) returned 0x3b [0169.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0169.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zck2usisap9cfi.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.946] GetFileType (hFile=0x4d0) returned 0x1 [0169.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0169.946] GetFileType (hFile=0x4d0) returned 0x1 [0169.946] WriteFile (in: hFile=0x4d0, lpBuffer=0x26d1948*, nNumberOfBytesToWrite=0x9330, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x26d1948*, lpNumberOfBytesWritten=0x3fe994*=0x9330, lpOverlapped=0x0) returned 1 [0169.948] CloseHandle (hObject=0x4d0) returned 1 [0169.949] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx", lpFilePart=0x0) returned 0x3b [0169.949] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx.encrypted", lpFilePart=0x0) returned 0x45 [0169.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0169.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zck2usisap9cfi.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa77775d0, ftCreationTime.dwHighDateTime=0x1d58403, ftLastAccessTime.dwLowDateTime=0xc8fa5730, ftLastAccessTime.dwHighDateTime=0x1d57338, ftLastWriteTime.dwLowDateTime=0x19d0df60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x9330)) returned 1 [0169.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0169.949] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zck2usisap9cfi.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Zck2UsisaP9Cfi.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zck2usisap9cfi.xlsx.encrypted")) returned 1 [0169.950] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx", lpFilePart=0x0) returned 0x3c [0169.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0169.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zvck2bpc6fq1q7v.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0169.951] GetFileType (hFile=0x4d0) returned 0x1 [0169.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0169.951] GetFileType (hFile=0x4d0) returned 0x1 [0169.951] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x31ea [0169.951] ReadFile (in: hFile=0x4d0, lpBuffer=0x26db1b0, nNumberOfBytesToRead=0x31ea, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x26db1b0*, lpNumberOfBytesRead=0x3fe9a4*=0x31ea, lpOverlapped=0x0) returned 1 [0169.953] CloseHandle (hObject=0x4d0) returned 1 [0170.000] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0170.000] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0170.000] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx", lpFilePart=0x0) returned 0x3c [0170.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0170.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zvck2bpc6fq1q7v.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.002] GetFileType (hFile=0x4d0) returned 0x1 [0170.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0170.002] GetFileType (hFile=0x4d0) returned 0x1 [0170.002] WriteFile (in: hFile=0x4d0, lpBuffer=0x252b924*, nNumberOfBytesToWrite=0x31f0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x252b924*, lpNumberOfBytesWritten=0x3fe994*=0x31f0, lpOverlapped=0x0) returned 1 [0170.003] CloseHandle (hObject=0x4d0) returned 1 [0170.004] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx", lpFilePart=0x0) returned 0x3c [0170.004] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx.encrypted", lpFilePart=0x0) returned 0x46 [0170.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0170.004] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zvck2bpc6fq1q7v.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d0cb620, ftCreationTime.dwHighDateTime=0x1d5b0b3, ftLastAccessTime.dwLowDateTime=0x6d863250, ftLastAccessTime.dwHighDateTime=0x1d5e3d8, ftLastWriteTime.dwLowDateTime=0x19d80380, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x31f0)) returned 1 [0170.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0170.004] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zvck2bpc6fq1q7v.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZVcK2BPc6fQ1Q7V.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zvck2bpc6fq1q7v.docx.encrypted")) returned 1 [0170.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0170.006] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D", lpFilePart=0x0) returned 0x2c [0170.006] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\", lpFilePart=0x0) returned 0x2d [0170.006] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95e8b0c0, ftCreationTime.dwHighDateTime=0x1d5e319, ftLastAccessTime.dwLowDateTime=0xd027a4d0, ftLastAccessTime.dwHighDateTime=0x1d5e2d8, ftLastWriteTime.dwLowDateTime=0xd027a4d0, ftLastWriteTime.dwHighDateTime=0x1d5e2d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x57c578 [0170.009] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95e8b0c0, ftCreationTime.dwHighDateTime=0x1d5e319, ftLastAccessTime.dwLowDateTime=0xd027a4d0, ftLastAccessTime.dwHighDateTime=0x1d5e2d8, ftLastWriteTime.dwLowDateTime=0xd027a4d0, ftLastWriteTime.dwHighDateTime=0x1d5e2d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.010] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x593e26a0, ftCreationTime.dwHighDateTime=0x1d5de46, ftLastAccessTime.dwLowDateTime=0xabb7e350, ftLastAccessTime.dwHighDateTime=0x1d5e1f5, ftLastWriteTime.dwLowDateTime=0xabb7e350, ftLastWriteTime.dwHighDateTime=0x1d5e1f5, nFileSizeHigh=0x0, nFileSizeLow=0xd140, dwReserved0=0x0, dwReserved1=0x0, cFileName="5OMRGKrX0Q.xlsx", cAlternateFileName="5OMRGK~1.XLS")) returned 1 [0170.010] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89e89bc0, ftCreationTime.dwHighDateTime=0x1d5df9d, ftLastAccessTime.dwLowDateTime=0x9d048310, ftLastAccessTime.dwHighDateTime=0x1d5d974, ftLastWriteTime.dwLowDateTime=0x9d048310, ftLastWriteTime.dwHighDateTime=0x1d5d974, nFileSizeHigh=0x0, nFileSizeLow=0x8efb, dwReserved0=0x0, dwReserved1=0x0, cFileName="65UNhnGcVvR.ods", cAlternateFileName="65UNHN~1.ODS")) returned 1 [0170.010] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfae83b0, ftCreationTime.dwHighDateTime=0x1d5df0e, ftLastAccessTime.dwLowDateTime=0x79d93b50, ftLastAccessTime.dwHighDateTime=0x1d5e30c, ftLastWriteTime.dwLowDateTime=0x79d93b50, ftLastWriteTime.dwHighDateTime=0x1d5e30c, nFileSizeHigh=0x0, nFileSizeLow=0x129f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="9CLwu-O6X.pps", cAlternateFileName="9CLWU-~1.PPS")) returned 1 [0170.010] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46fbd210, ftCreationTime.dwHighDateTime=0x1d5e1e0, ftLastAccessTime.dwLowDateTime=0x302fa5f0, ftLastAccessTime.dwHighDateTime=0x1d5e485, ftLastWriteTime.dwLowDateTime=0x302fa5f0, ftLastWriteTime.dwHighDateTime=0x1d5e485, nFileSizeHigh=0x0, nFileSizeLow=0x17f57, dwReserved0=0x0, dwReserved1=0x0, cFileName="iu _pwjkz6y-Q p_.ppt", cAlternateFileName="IU_PWJ~1.PPT")) returned 1 [0170.010] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde1fae50, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0xcb2a72d0, ftLastAccessTime.dwHighDateTime=0x1d5df42, ftLastWriteTime.dwLowDateTime=0xcb2a72d0, ftLastWriteTime.dwHighDateTime=0x1d5df42, nFileSizeHigh=0x0, nFileSizeLow=0x2ae6, dwReserved0=0x0, dwReserved1=0x0, cFileName="kn5oA0.docx", cAlternateFileName="KN5OA0~1.DOC")) returned 1 [0170.010] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x853dd2d0, ftCreationTime.dwHighDateTime=0x1d5d812, ftLastAccessTime.dwLowDateTime=0x76189dc0, ftLastAccessTime.dwHighDateTime=0x1d5dba1, ftLastWriteTime.dwLowDateTime=0x76189dc0, ftLastWriteTime.dwHighDateTime=0x1d5dba1, nFileSizeHigh=0x0, nFileSizeLow=0x497e, dwReserved0=0x0, dwReserved1=0x0, cFileName="N4j3SO.pdf", cAlternateFileName="")) returned 1 [0170.011] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed410e20, ftCreationTime.dwHighDateTime=0x1d5e14e, ftLastAccessTime.dwLowDateTime=0xe5698bb0, ftLastAccessTime.dwHighDateTime=0x1d5da86, ftLastWriteTime.dwLowDateTime=0xe5698bb0, ftLastWriteTime.dwHighDateTime=0x1d5da86, nFileSizeHigh=0x0, nFileSizeLow=0x158c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PFggkcbkkeGCmwevu20V.pps", cAlternateFileName="PFGGKC~1.PPS")) returned 1 [0170.011] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa54eca10, ftCreationTime.dwHighDateTime=0x1d5de03, ftLastAccessTime.dwLowDateTime=0xb8cf13e0, ftLastAccessTime.dwHighDateTime=0x1d5dd3d, ftLastWriteTime.dwLowDateTime=0xb8cf13e0, ftLastWriteTime.dwHighDateTime=0x1d5dd3d, nFileSizeHigh=0x0, nFileSizeLow=0xc40e, dwReserved0=0x0, dwReserved1=0x0, cFileName="UVbgFYLv6.doc", cAlternateFileName="UVBGFY~1.DOC")) returned 1 [0170.011] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.011] FindClose (in: hFindFile=0x57c578 | out: hFindFile=0x57c578) returned 1 [0170.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0170.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0170.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0170.016] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D", lpFilePart=0x0) returned 0x2c [0170.016] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\", lpFilePart=0x0) returned 0x2d [0170.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95e8b0c0, ftCreationTime.dwHighDateTime=0x1d5e319, ftLastAccessTime.dwLowDateTime=0xd027a4d0, ftLastAccessTime.dwHighDateTime=0x1d5e2d8, ftLastWriteTime.dwLowDateTime=0xd027a4d0, ftLastWriteTime.dwHighDateTime=0x1d5e2d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x57c578 [0170.017] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95e8b0c0, ftCreationTime.dwHighDateTime=0x1d5e319, ftLastAccessTime.dwLowDateTime=0xd027a4d0, ftLastAccessTime.dwHighDateTime=0x1d5e2d8, ftLastWriteTime.dwLowDateTime=0xd027a4d0, ftLastWriteTime.dwHighDateTime=0x1d5e2d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.018] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x593e26a0, ftCreationTime.dwHighDateTime=0x1d5de46, ftLastAccessTime.dwLowDateTime=0xabb7e350, ftLastAccessTime.dwHighDateTime=0x1d5e1f5, ftLastWriteTime.dwLowDateTime=0xabb7e350, ftLastWriteTime.dwHighDateTime=0x1d5e1f5, nFileSizeHigh=0x0, nFileSizeLow=0xd140, dwReserved0=0x0, dwReserved1=0x0, cFileName="5OMRGKrX0Q.xlsx", cAlternateFileName="5OMRGK~1.XLS")) returned 1 [0170.018] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89e89bc0, ftCreationTime.dwHighDateTime=0x1d5df9d, ftLastAccessTime.dwLowDateTime=0x9d048310, ftLastAccessTime.dwHighDateTime=0x1d5d974, ftLastWriteTime.dwLowDateTime=0x9d048310, ftLastWriteTime.dwHighDateTime=0x1d5d974, nFileSizeHigh=0x0, nFileSizeLow=0x8efb, dwReserved0=0x0, dwReserved1=0x0, cFileName="65UNhnGcVvR.ods", cAlternateFileName="65UNHN~1.ODS")) returned 1 [0170.018] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfae83b0, ftCreationTime.dwHighDateTime=0x1d5df0e, ftLastAccessTime.dwLowDateTime=0x79d93b50, ftLastAccessTime.dwHighDateTime=0x1d5e30c, ftLastWriteTime.dwLowDateTime=0x79d93b50, ftLastWriteTime.dwHighDateTime=0x1d5e30c, nFileSizeHigh=0x0, nFileSizeLow=0x129f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="9CLwu-O6X.pps", cAlternateFileName="9CLWU-~1.PPS")) returned 1 [0170.018] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46fbd210, ftCreationTime.dwHighDateTime=0x1d5e1e0, ftLastAccessTime.dwLowDateTime=0x302fa5f0, ftLastAccessTime.dwHighDateTime=0x1d5e485, ftLastWriteTime.dwLowDateTime=0x302fa5f0, ftLastWriteTime.dwHighDateTime=0x1d5e485, nFileSizeHigh=0x0, nFileSizeLow=0x17f57, dwReserved0=0x0, dwReserved1=0x0, cFileName="iu _pwjkz6y-Q p_.ppt", cAlternateFileName="IU_PWJ~1.PPT")) returned 1 [0170.019] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde1fae50, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0xcb2a72d0, ftLastAccessTime.dwHighDateTime=0x1d5df42, ftLastWriteTime.dwLowDateTime=0xcb2a72d0, ftLastWriteTime.dwHighDateTime=0x1d5df42, nFileSizeHigh=0x0, nFileSizeLow=0x2ae6, dwReserved0=0x0, dwReserved1=0x0, cFileName="kn5oA0.docx", cAlternateFileName="KN5OA0~1.DOC")) returned 1 [0170.019] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x853dd2d0, ftCreationTime.dwHighDateTime=0x1d5d812, ftLastAccessTime.dwLowDateTime=0x76189dc0, ftLastAccessTime.dwHighDateTime=0x1d5dba1, ftLastWriteTime.dwLowDateTime=0x76189dc0, ftLastWriteTime.dwHighDateTime=0x1d5dba1, nFileSizeHigh=0x0, nFileSizeLow=0x497e, dwReserved0=0x0, dwReserved1=0x0, cFileName="N4j3SO.pdf", cAlternateFileName="")) returned 1 [0170.019] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed410e20, ftCreationTime.dwHighDateTime=0x1d5e14e, ftLastAccessTime.dwLowDateTime=0xe5698bb0, ftLastAccessTime.dwHighDateTime=0x1d5da86, ftLastWriteTime.dwLowDateTime=0xe5698bb0, ftLastWriteTime.dwHighDateTime=0x1d5da86, nFileSizeHigh=0x0, nFileSizeLow=0x158c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="PFggkcbkkeGCmwevu20V.pps", cAlternateFileName="PFGGKC~1.PPS")) returned 1 [0170.019] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa54eca10, ftCreationTime.dwHighDateTime=0x1d5de03, ftLastAccessTime.dwLowDateTime=0xb8cf13e0, ftLastAccessTime.dwHighDateTime=0x1d5dd3d, ftLastWriteTime.dwLowDateTime=0xb8cf13e0, ftLastWriteTime.dwHighDateTime=0x1d5dd3d, nFileSizeHigh=0x0, nFileSizeLow=0xc40e, dwReserved0=0x0, dwReserved1=0x0, cFileName="UVbgFYLv6.doc", cAlternateFileName="UVBGFY~1.DOC")) returned 1 [0170.020] FindNextFileW (in: hFindFile=0x57c578, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa54eca10, ftCreationTime.dwHighDateTime=0x1d5de03, ftLastAccessTime.dwLowDateTime=0xb8cf13e0, ftLastAccessTime.dwHighDateTime=0x1d5dd3d, ftLastWriteTime.dwLowDateTime=0xb8cf13e0, ftLastWriteTime.dwHighDateTime=0x1d5dd3d, nFileSizeHigh=0x0, nFileSizeLow=0xc40e, dwReserved0=0x0, dwReserved1=0x0, cFileName="UVbgFYLv6.doc", cAlternateFileName="UVBGFY~1.DOC")) returned 0 [0170.020] FindClose (in: hFindFile=0x57c578 | out: hFindFile=0x57c578) returned 1 [0170.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0170.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0170.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx", lpFilePart=0x0) returned 0x3c [0170.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\5omrgkrx0q.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.023] GetFileType (hFile=0x4d0) returned 0x1 [0170.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.023] GetFileType (hFile=0x4d0) returned 0x1 [0170.023] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0xd140 [0170.023] ReadFile (in: hFile=0x4d0, lpBuffer=0x2531b18, nNumberOfBytesToRead=0xd140, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x2531b18*, lpNumberOfBytesRead=0x3fe964*=0xd140, lpOverlapped=0x0) returned 1 [0170.025] CloseHandle (hObject=0x4d0) returned 1 [0170.049] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0170.049] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0170.054] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx", lpFilePart=0x0) returned 0x3c [0170.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0170.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\5omrgkrx0q.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.057] GetFileType (hFile=0x4d0) returned 0x1 [0170.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.057] GetFileType (hFile=0x4d0) returned 0x1 [0170.058] WriteFile (in: hFile=0x4d0, lpBuffer=0x25a5e24*, nNumberOfBytesToWrite=0xd150, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x25a5e24*, lpNumberOfBytesWritten=0x3fe954*=0xd150, lpOverlapped=0x0) returned 1 [0170.060] CloseHandle (hObject=0x4d0) returned 1 [0170.062] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx", lpFilePart=0x0) returned 0x3c [0170.062] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx.encrypted", lpFilePart=0x0) returned 0x46 [0170.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0170.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\5omrgkrx0q.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x593e26a0, ftCreationTime.dwHighDateTime=0x1d5de46, ftLastAccessTime.dwLowDateTime=0xabb7e350, ftLastAccessTime.dwHighDateTime=0x1d5e1f5, ftLastWriteTime.dwLowDateTime=0x19e18900, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd150)) returned 1 [0170.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0170.062] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\5omrgkrx0q.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\5OMRGKrX0Q.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\5omrgkrx0q.xlsx.encrypted")) returned 1 [0170.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt", lpFilePart=0x0) returned 0x41 [0170.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\iu _pwjkz6y-q p_.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.066] GetFileType (hFile=0x4d0) returned 0x1 [0170.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.066] GetFileType (hFile=0x4d0) returned 0x1 [0170.066] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x17f57 [0170.067] ReadFile (in: hFile=0x4d0, lpBuffer=0x3f0e338, nNumberOfBytesToRead=0x17f57, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x3f0e338*, lpNumberOfBytesRead=0x3fe964*=0x17f57, lpOverlapped=0x0) returned 1 [0170.070] CloseHandle (hObject=0x4d0) returned 1 [0170.098] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0170.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0170.099] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt", lpFilePart=0x0) returned 0x41 [0170.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0170.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\iu _pwjkz6y-q p_.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.101] GetFileType (hFile=0x4d0) returned 0x1 [0170.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.101] GetFileType (hFile=0x4d0) returned 0x1 [0170.101] WriteFile (in: hFile=0x4d0, lpBuffer=0x3f86050*, nNumberOfBytesToWrite=0x17f60, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x3f86050*, lpNumberOfBytesWritten=0x3fe954*=0x17f60, lpOverlapped=0x0) returned 1 [0170.104] CloseHandle (hObject=0x4d0) returned 1 [0170.106] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt", lpFilePart=0x0) returned 0x41 [0170.106] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt.encrypted", lpFilePart=0x0) returned 0x4b [0170.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0170.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\iu _pwjkz6y-q p_.ppt"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46fbd210, ftCreationTime.dwHighDateTime=0x1d5e1e0, ftLastAccessTime.dwLowDateTime=0x302fa5f0, ftLastAccessTime.dwHighDateTime=0x1d5e485, ftLastWriteTime.dwLowDateTime=0x19e8ad20, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x17f60)) returned 1 [0170.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0170.106] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\iu _pwjkz6y-q p_.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\iu _pwjkz6y-Q p_.ppt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\iu _pwjkz6y-q p_.ppt.encrypted")) returned 1 [0170.110] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx", lpFilePart=0x0) returned 0x38 [0170.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\kn5oa0.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.112] GetFileType (hFile=0x4d0) returned 0x1 [0170.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.112] GetFileType (hFile=0x4d0) returned 0x1 [0170.112] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x2ae6 [0170.112] ReadFile (in: hFile=0x4d0, lpBuffer=0x26007f8, nNumberOfBytesToRead=0x2ae6, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x26007f8*, lpNumberOfBytesRead=0x3fe964*=0x2ae6, lpOverlapped=0x0) returned 1 [0170.180] CloseHandle (hObject=0x4d0) returned 1 [0170.206] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0170.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0170.206] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx", lpFilePart=0x0) returned 0x38 [0170.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0170.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\kn5oa0.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.208] GetFileType (hFile=0x4d0) returned 0x1 [0170.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.208] GetFileType (hFile=0x4d0) returned 0x1 [0170.208] WriteFile (in: hFile=0x4d0, lpBuffer=0x265ac58*, nNumberOfBytesToWrite=0x2af0, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x265ac58*, lpNumberOfBytesWritten=0x3fe954*=0x2af0, lpOverlapped=0x0) returned 1 [0170.209] CloseHandle (hObject=0x4d0) returned 1 [0170.210] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx", lpFilePart=0x0) returned 0x38 [0170.210] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx.encrypted", lpFilePart=0x0) returned 0x42 [0170.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0170.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\kn5oa0.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde1fae50, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0xcb2a72d0, ftLastAccessTime.dwHighDateTime=0x1d5df42, ftLastWriteTime.dwLowDateTime=0x19f956c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x2af0)) returned 1 [0170.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0170.211] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\kn5oa0.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\kn5oA0.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\kn5oa0.docx.encrypted")) returned 1 [0170.212] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf", lpFilePart=0x0) returned 0x37 [0170.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\n4j3so.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.213] GetFileType (hFile=0x4d0) returned 0x1 [0170.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.213] GetFileType (hFile=0x4d0) returned 0x1 [0170.213] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x497e [0170.213] ReadFile (in: hFile=0x4d0, lpBuffer=0x265dc40, nNumberOfBytesToRead=0x497e, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x265dc40*, lpNumberOfBytesRead=0x3fe964*=0x497e, lpOverlapped=0x0) returned 1 [0170.215] CloseHandle (hObject=0x4d0) returned 1 [0170.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0170.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0170.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf", lpFilePart=0x0) returned 0x37 [0170.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0170.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\n4j3so.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.241] GetFileType (hFile=0x4d0) returned 0x1 [0170.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.241] GetFileType (hFile=0x4d0) returned 0x1 [0170.241] WriteFile (in: hFile=0x4d0, lpBuffer=0x26c1970*, nNumberOfBytesToWrite=0x4980, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x26c1970*, lpNumberOfBytesWritten=0x3fe954*=0x4980, lpOverlapped=0x0) returned 1 [0170.242] CloseHandle (hObject=0x4d0) returned 1 [0170.244] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf", lpFilePart=0x0) returned 0x37 [0170.244] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf.encrypted", lpFilePart=0x0) returned 0x41 [0170.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0170.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\n4j3so.pdf"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x853dd2d0, ftCreationTime.dwHighDateTime=0x1d5d812, ftLastAccessTime.dwLowDateTime=0x76189dc0, ftLastAccessTime.dwHighDateTime=0x1d5dba1, ftLastWriteTime.dwLowDateTime=0x19fe1980, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x4980)) returned 1 [0170.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0170.244] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\n4j3so.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\N4j3SO.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\n4j3so.pdf.encrypted")) returned 1 [0170.247] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc", lpFilePart=0x0) returned 0x3a [0170.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\uvbgfylv6.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.247] GetFileType (hFile=0x4d0) returned 0x1 [0170.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.247] GetFileType (hFile=0x4d0) returned 0x1 [0170.247] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0xc40e [0170.248] ReadFile (in: hFile=0x4d0, lpBuffer=0x26c67fc, nNumberOfBytesToRead=0xc40e, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x26c67fc*, lpNumberOfBytesRead=0x3fe964*=0xc40e, lpOverlapped=0x0) returned 1 [0170.250] CloseHandle (hObject=0x4d0) returned 1 [0170.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0170.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0170.315] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc", lpFilePart=0x0) returned 0x3a [0170.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0170.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\uvbgfylv6.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.316] GetFileType (hFile=0x4d0) returned 0x1 [0170.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.316] GetFileType (hFile=0x4d0) returned 0x1 [0170.316] WriteFile (in: hFile=0x4d0, lpBuffer=0x254b3a4*, nNumberOfBytesToWrite=0xc410, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x254b3a4*, lpNumberOfBytesWritten=0x3fe954*=0xc410, lpOverlapped=0x0) returned 1 [0170.319] CloseHandle (hObject=0x4d0) returned 1 [0170.323] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc", lpFilePart=0x0) returned 0x3a [0170.323] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc.encrypted", lpFilePart=0x0) returned 0x44 [0170.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0170.323] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\uvbgfylv6.doc"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa54eca10, ftCreationTime.dwHighDateTime=0x1d5de03, ftLastAccessTime.dwLowDateTime=0xb8cf13e0, ftLastAccessTime.dwHighDateTime=0x1d5dd3d, ftLastWriteTime.dwLowDateTime=0x1a0a0060, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xc410)) returned 1 [0170.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0170.324] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\uvbgfylv6.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\fD6D\\UVbgFYLv6.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fd6d\\uvbgfylv6.doc.encrypted")) returned 1 [0170.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0170.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH", lpFilePart=0x0) returned 0x37 [0170.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\", lpFilePart=0x0) returned 0x38 [0170.325] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5f61f20, ftCreationTime.dwHighDateTime=0x1d5dfdb, ftLastAccessTime.dwLowDateTime=0x5db5e440, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x5db5e440, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcb70 [0170.331] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5f61f20, ftCreationTime.dwHighDateTime=0x1d5dfdb, ftLastAccessTime.dwLowDateTime=0x5db5e440, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x5db5e440, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.331] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc531f0, ftCreationTime.dwHighDateTime=0x1d5e349, ftLastAccessTime.dwLowDateTime=0xfe476d00, ftLastAccessTime.dwHighDateTime=0x1d5d8e2, ftLastWriteTime.dwLowDateTime=0xfe476d00, ftLastWriteTime.dwHighDateTime=0x1d5d8e2, nFileSizeHigh=0x0, nFileSizeLow=0x1e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iW0gsaCRU5BTYudlOT-R.docx", cAlternateFileName="IW0GSA~1.DOC")) returned 1 [0170.331] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b392020, ftCreationTime.dwHighDateTime=0x1d5e0c7, ftLastAccessTime.dwLowDateTime=0xf34e2820, ftLastAccessTime.dwHighDateTime=0x1d5dd52, ftLastWriteTime.dwLowDateTime=0xf34e2820, ftLastWriteTime.dwHighDateTime=0x1d5dd52, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lh-fmvDxe3XRZzV7__u", cAlternateFileName="LH-FMV~1")) returned 1 [0170.331] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b392020, ftCreationTime.dwHighDateTime=0x1d5e0c7, ftLastAccessTime.dwLowDateTime=0xf34e2820, ftLastAccessTime.dwHighDateTime=0x1d5dd52, ftLastWriteTime.dwLowDateTime=0xf34e2820, ftLastWriteTime.dwHighDateTime=0x1d5dd52, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lh-fmvDxe3XRZzV7__u", cAlternateFileName="LH-FMV~1")) returned 0 [0170.331] FindClose (in: hFindFile=0x8dfcb70 | out: hFindFile=0x8dfcb70) returned 1 [0170.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0170.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0170.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0170.332] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH", lpFilePart=0x0) returned 0x37 [0170.332] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\", lpFilePart=0x0) returned 0x38 [0170.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5f61f20, ftCreationTime.dwHighDateTime=0x1d5dfdb, ftLastAccessTime.dwLowDateTime=0x5db5e440, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x5db5e440, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcb70 [0170.332] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5f61f20, ftCreationTime.dwHighDateTime=0x1d5dfdb, ftLastAccessTime.dwLowDateTime=0x5db5e440, ftLastAccessTime.dwHighDateTime=0x1d5d881, ftLastWriteTime.dwLowDateTime=0x5db5e440, ftLastWriteTime.dwHighDateTime=0x1d5d881, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.332] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc531f0, ftCreationTime.dwHighDateTime=0x1d5e349, ftLastAccessTime.dwLowDateTime=0xfe476d00, ftLastAccessTime.dwHighDateTime=0x1d5d8e2, ftLastWriteTime.dwLowDateTime=0xfe476d00, ftLastWriteTime.dwHighDateTime=0x1d5d8e2, nFileSizeHigh=0x0, nFileSizeLow=0x1e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iW0gsaCRU5BTYudlOT-R.docx", cAlternateFileName="IW0GSA~1.DOC")) returned 1 [0170.333] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b392020, ftCreationTime.dwHighDateTime=0x1d5e0c7, ftLastAccessTime.dwLowDateTime=0xf34e2820, ftLastAccessTime.dwHighDateTime=0x1d5dd52, ftLastWriteTime.dwLowDateTime=0xf34e2820, ftLastWriteTime.dwHighDateTime=0x1d5dd52, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lh-fmvDxe3XRZzV7__u", cAlternateFileName="LH-FMV~1")) returned 1 [0170.333] FindNextFileW (in: hFindFile=0x8dfcb70, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.333] FindClose (in: hFindFile=0x8dfcb70 | out: hFindFile=0x8dfcb70) returned 1 [0170.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0170.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0170.333] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx", lpFilePart=0x0) returned 0x51 [0170.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\iw0gsacru5btyudlot-r.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.335] GetFileType (hFile=0x4d0) returned 0x1 [0170.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.335] GetFileType (hFile=0x4d0) returned 0x1 [0170.335] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x1e4a [0170.335] ReadFile (in: hFile=0x4d0, lpBuffer=0x2559858, nNumberOfBytesToRead=0x1e4a, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x2559858*, lpNumberOfBytesRead=0x3fe964*=0x1e4a, lpOverlapped=0x0) returned 1 [0170.337] CloseHandle (hObject=0x4d0) returned 1 [0170.359] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0170.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0170.360] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx", lpFilePart=0x0) returned 0x51 [0170.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0170.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\iw0gsacru5btyudlot-r.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.361] GetFileType (hFile=0x4d0) returned 0x1 [0170.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.361] GetFileType (hFile=0x4d0) returned 0x1 [0170.361] WriteFile (in: hFile=0x4d0, lpBuffer=0x25afef4*, nNumberOfBytesToWrite=0x1e50, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x25afef4*, lpNumberOfBytesWritten=0x3fe954*=0x1e50, lpOverlapped=0x0) returned 1 [0170.363] CloseHandle (hObject=0x4d0) returned 1 [0170.364] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx", lpFilePart=0x0) returned 0x51 [0170.364] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx.encrypted", lpFilePart=0x0) returned 0x5b [0170.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0170.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\iw0gsacru5btyudlot-r.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bc531f0, ftCreationTime.dwHighDateTime=0x1d5e349, ftLastAccessTime.dwLowDateTime=0xfe476d00, ftLastAccessTime.dwHighDateTime=0x1d5d8e2, ftLastWriteTime.dwLowDateTime=0x1a0ec320, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1e50)) returned 1 [0170.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0170.364] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\iw0gsacru5btyudlot-r.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\iW0gsaCRU5BTYudlOT-R.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\iw0gsacru5btyudlot-r.docx.encrypted")) returned 1 [0170.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0170.366] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u", lpFilePart=0x0) returned 0x4b [0170.366] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\", lpFilePart=0x0) returned 0x4c [0170.366] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b392020, ftCreationTime.dwHighDateTime=0x1d5e0c7, ftLastAccessTime.dwLowDateTime=0xf34e2820, ftLastAccessTime.dwHighDateTime=0x1d5dd52, ftLastWriteTime.dwLowDateTime=0xf34e2820, ftLastWriteTime.dwHighDateTime=0x1d5dd52, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcbf0 [0170.369] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b392020, ftCreationTime.dwHighDateTime=0x1d5e0c7, ftLastAccessTime.dwLowDateTime=0xf34e2820, ftLastAccessTime.dwHighDateTime=0x1d5dd52, ftLastWriteTime.dwLowDateTime=0xf34e2820, ftLastWriteTime.dwHighDateTime=0x1d5dd52, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.369] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcea21020, ftCreationTime.dwHighDateTime=0x1d5e4a2, ftLastAccessTime.dwLowDateTime=0xcfc45e50, ftLastAccessTime.dwHighDateTime=0x1d5dfe7, ftLastWriteTime.dwLowDateTime=0xcfc45e50, ftLastWriteTime.dwHighDateTime=0x1d5dfe7, nFileSizeHigh=0x0, nFileSizeLow=0xd8da, dwReserved0=0x0, dwReserved1=0x0, cFileName="3OM LYT9P.rtf", cAlternateFileName="3OMLYT~1.RTF")) returned 1 [0170.369] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbec852d0, ftCreationTime.dwHighDateTime=0x1d5e278, ftLastAccessTime.dwLowDateTime=0xc94cf0e0, ftLastAccessTime.dwHighDateTime=0x1d5e6f0, ftLastWriteTime.dwLowDateTime=0xc94cf0e0, ftLastWriteTime.dwHighDateTime=0x1d5e6f0, nFileSizeHigh=0x0, nFileSizeLow=0xd4f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcU3GqGaCV1.pptx", cAlternateFileName="BCU3GQ~1.PPT")) returned 1 [0170.370] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112fb2a0, ftCreationTime.dwHighDateTime=0x1d5df1a, ftLastAccessTime.dwLowDateTime=0xf011bb60, ftLastAccessTime.dwHighDateTime=0x1d5d92c, ftLastWriteTime.dwLowDateTime=0xf011bb60, ftLastWriteTime.dwHighDateTime=0x1d5d92c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EmgH", cAlternateFileName="")) returned 1 [0170.370] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb86fc2a0, ftCreationTime.dwHighDateTime=0x1d5e64d, ftLastAccessTime.dwLowDateTime=0xb23d4aa0, ftLastAccessTime.dwHighDateTime=0x1d5e167, ftLastWriteTime.dwLowDateTime=0xb23d4aa0, ftLastWriteTime.dwHighDateTime=0x1d5e167, nFileSizeHigh=0x0, nFileSizeLow=0x5ea2, dwReserved0=0x0, dwReserved1=0x0, cFileName="q5_qIHcDS.csv", cAlternateFileName="Q5_QIH~1.CSV")) returned 1 [0170.370] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.370] FindClose (in: hFindFile=0x8dfcbf0 | out: hFindFile=0x8dfcbf0) returned 1 [0170.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0170.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0170.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0170.371] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u", lpFilePart=0x0) returned 0x4b [0170.371] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\", lpFilePart=0x0) returned 0x4c [0170.371] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b392020, ftCreationTime.dwHighDateTime=0x1d5e0c7, ftLastAccessTime.dwLowDateTime=0xf34e2820, ftLastAccessTime.dwHighDateTime=0x1d5dd52, ftLastWriteTime.dwLowDateTime=0xf34e2820, ftLastWriteTime.dwHighDateTime=0x1d5dd52, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcbf0 [0170.373] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b392020, ftCreationTime.dwHighDateTime=0x1d5e0c7, ftLastAccessTime.dwLowDateTime=0xf34e2820, ftLastAccessTime.dwHighDateTime=0x1d5dd52, ftLastWriteTime.dwLowDateTime=0xf34e2820, ftLastWriteTime.dwHighDateTime=0x1d5dd52, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.373] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcea21020, ftCreationTime.dwHighDateTime=0x1d5e4a2, ftLastAccessTime.dwLowDateTime=0xcfc45e50, ftLastAccessTime.dwHighDateTime=0x1d5dfe7, ftLastWriteTime.dwLowDateTime=0xcfc45e50, ftLastWriteTime.dwHighDateTime=0x1d5dfe7, nFileSizeHigh=0x0, nFileSizeLow=0xd8da, dwReserved0=0x0, dwReserved1=0x0, cFileName="3OM LYT9P.rtf", cAlternateFileName="3OMLYT~1.RTF")) returned 1 [0170.373] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbec852d0, ftCreationTime.dwHighDateTime=0x1d5e278, ftLastAccessTime.dwLowDateTime=0xc94cf0e0, ftLastAccessTime.dwHighDateTime=0x1d5e6f0, ftLastWriteTime.dwLowDateTime=0xc94cf0e0, ftLastWriteTime.dwHighDateTime=0x1d5e6f0, nFileSizeHigh=0x0, nFileSizeLow=0xd4f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcU3GqGaCV1.pptx", cAlternateFileName="BCU3GQ~1.PPT")) returned 1 [0170.373] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112fb2a0, ftCreationTime.dwHighDateTime=0x1d5df1a, ftLastAccessTime.dwLowDateTime=0xf011bb60, ftLastAccessTime.dwHighDateTime=0x1d5d92c, ftLastWriteTime.dwLowDateTime=0xf011bb60, ftLastWriteTime.dwHighDateTime=0x1d5d92c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EmgH", cAlternateFileName="")) returned 1 [0170.373] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb86fc2a0, ftCreationTime.dwHighDateTime=0x1d5e64d, ftLastAccessTime.dwLowDateTime=0xb23d4aa0, ftLastAccessTime.dwHighDateTime=0x1d5e167, ftLastWriteTime.dwLowDateTime=0xb23d4aa0, ftLastWriteTime.dwHighDateTime=0x1d5e167, nFileSizeHigh=0x0, nFileSizeLow=0x5ea2, dwReserved0=0x0, dwReserved1=0x0, cFileName="q5_qIHcDS.csv", cAlternateFileName="Q5_QIH~1.CSV")) returned 1 [0170.374] FindNextFileW (in: hFindFile=0x8dfcbf0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb86fc2a0, ftCreationTime.dwHighDateTime=0x1d5e64d, ftLastAccessTime.dwLowDateTime=0xb23d4aa0, ftLastAccessTime.dwHighDateTime=0x1d5e167, ftLastWriteTime.dwLowDateTime=0xb23d4aa0, ftLastWriteTime.dwHighDateTime=0x1d5e167, nFileSizeHigh=0x0, nFileSizeLow=0x5ea2, dwReserved0=0x0, dwReserved1=0x0, cFileName="q5_qIHcDS.csv", cAlternateFileName="Q5_QIH~1.CSV")) returned 0 [0170.374] FindClose (in: hFindFile=0x8dfcbf0 | out: hFindFile=0x8dfcbf0) returned 1 [0170.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0170.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0170.375] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf", nBufferLength=0x105, lpBuffer=0x3fe37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf", lpFilePart=0x0) returned 0x59 [0170.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0170.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\3om lyt9p.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.377] GetFileType (hFile=0x4d0) returned 0x1 [0170.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0170.377] GetFileType (hFile=0x4d0) returned 0x1 [0170.377] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe978 | out: lpFileSizeHigh=0x3fe978*=0x0) returned 0xd8da [0170.377] ReadFile (in: hFile=0x4d0, lpBuffer=0x25b4abc, nNumberOfBytesToRead=0xd8da, lpNumberOfBytesRead=0x3fe924, lpOverlapped=0x0 | out: lpBuffer=0x25b4abc*, lpNumberOfBytesRead=0x3fe924*=0xd8da, lpOverlapped=0x0) returned 1 [0170.380] CloseHandle (hObject=0x4d0) returned 1 [0170.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0170.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe96c | out: lpFileInformation=0x3fe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0170.405] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf", nBufferLength=0x105, lpBuffer=0x3fe364, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf", lpFilePart=0x0) returned 0x59 [0170.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe858) returned 1 [0170.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\3om lyt9p.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.408] GetFileType (hFile=0x4d0) returned 0x1 [0170.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe854) returned 1 [0170.408] GetFileType (hFile=0x4d0) returned 0x1 [0170.408] WriteFile (in: hFile=0x4d0, lpBuffer=0x262a320*, nNumberOfBytesToWrite=0xd8e0, lpNumberOfBytesWritten=0x3fe914, lpOverlapped=0x0 | out: lpBuffer=0x262a320*, lpNumberOfBytesWritten=0x3fe914*=0xd8e0, lpOverlapped=0x0) returned 1 [0170.410] CloseHandle (hObject=0x4d0) returned 1 [0170.412] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf", lpFilePart=0x0) returned 0x59 [0170.412] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf.encrypted", lpFilePart=0x0) returned 0x63 [0170.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8fc) returned 1 [0170.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\3om lyt9p.rtf"), fInfoLevelId=0x0, lpFileInformation=0x3fe978 | out: lpFileInformation=0x3fe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcea21020, ftCreationTime.dwHighDateTime=0x1d5e4a2, ftLastAccessTime.dwLowDateTime=0xcfc45e50, ftLastAccessTime.dwHighDateTime=0x1d5dfe7, ftLastWriteTime.dwLowDateTime=0x1a1848a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd8e0)) returned 1 [0170.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8f8) returned 1 [0170.412] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\3om lyt9p.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\3OM LYT9P.rtf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\3om lyt9p.rtf.encrypted")) returned 1 [0170.414] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx", nBufferLength=0x105, lpBuffer=0x3fe37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx", lpFilePart=0x0) returned 0x5c [0170.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0170.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\bcu3gqgacv1.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.414] GetFileType (hFile=0x4d0) returned 0x1 [0170.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0170.414] GetFileType (hFile=0x4d0) returned 0x1 [0170.414] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe978 | out: lpFileSizeHigh=0x3fe978*=0x0) returned 0xd4f0 [0170.414] ReadFile (in: hFile=0x4d0, lpBuffer=0x2638254, nNumberOfBytesToRead=0xd4f0, lpNumberOfBytesRead=0x3fe924, lpOverlapped=0x0 | out: lpBuffer=0x2638254*, lpNumberOfBytesRead=0x3fe924*=0xd4f0, lpOverlapped=0x0) returned 1 [0170.441] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0170.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe96c | out: lpFileInformation=0x3fe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0170.442] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx", nBufferLength=0x105, lpBuffer=0x3fe364, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx", lpFilePart=0x0) returned 0x5c [0170.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe858) returned 1 [0170.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\bcu3gqgacv1.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.444] GetFileType (hFile=0x4d0) returned 0x1 [0170.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe854) returned 1 [0170.444] GetFileType (hFile=0x4d0) returned 0x1 [0170.444] WriteFile (in: hFile=0x4d0, lpBuffer=0x26acf14*, nNumberOfBytesToWrite=0xd500, lpNumberOfBytesWritten=0x3fe914, lpOverlapped=0x0 | out: lpBuffer=0x26acf14*, lpNumberOfBytesWritten=0x3fe914*=0xd500, lpOverlapped=0x0) returned 1 [0170.446] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx", lpFilePart=0x0) returned 0x5c [0170.446] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx.encrypted", lpFilePart=0x0) returned 0x66 [0170.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8fc) returned 1 [0170.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\bcu3gqgacv1.pptx"), fInfoLevelId=0x0, lpFileInformation=0x3fe978 | out: lpFileInformation=0x3fe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbec852d0, ftCreationTime.dwHighDateTime=0x1d5e278, ftLastAccessTime.dwLowDateTime=0xc94cf0e0, ftLastAccessTime.dwHighDateTime=0x1d5e6f0, ftLastWriteTime.dwLowDateTime=0x1a1d0b60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd500)) returned 1 [0170.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8f8) returned 1 [0170.447] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\bcu3gqgacv1.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\bcU3GqGaCV1.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\bcu3gqgacv1.pptx.encrypted")) returned 1 [0170.448] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv", nBufferLength=0x105, lpBuffer=0x3fe37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv", lpFilePart=0x0) returned 0x59 [0170.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0170.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\q5_qihcds.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.449] GetFileType (hFile=0x4d0) returned 0x1 [0170.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0170.450] GetFileType (hFile=0x4d0) returned 0x1 [0170.450] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe978 | out: lpFileSizeHigh=0x3fe978*=0x0) returned 0x5ea2 [0170.450] ReadFile (in: hFile=0x4d0, lpBuffer=0x26baa80, nNumberOfBytesToRead=0x5ea2, lpNumberOfBytesRead=0x3fe924, lpOverlapped=0x0 | out: lpBuffer=0x26baa80*, lpNumberOfBytesRead=0x3fe924*=0x5ea2, lpOverlapped=0x0) returned 1 [0170.514] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0170.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe96c | out: lpFileInformation=0x3fe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0170.514] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv", nBufferLength=0x105, lpBuffer=0x3fe364, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv", lpFilePart=0x0) returned 0x59 [0170.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe858) returned 1 [0170.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\q5_qihcds.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.516] GetFileType (hFile=0x4d0) returned 0x1 [0170.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe854) returned 1 [0170.516] GetFileType (hFile=0x4d0) returned 0x1 [0170.516] WriteFile (in: hFile=0x4d0, lpBuffer=0x252bb4c*, nNumberOfBytesToWrite=0x5eb0, lpNumberOfBytesWritten=0x3fe914, lpOverlapped=0x0 | out: lpBuffer=0x252bb4c*, lpNumberOfBytesWritten=0x3fe914*=0x5eb0, lpOverlapped=0x0) returned 1 [0170.523] CloseHandle (hObject=0x4d0) returned 1 [0170.525] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv", lpFilePart=0x0) returned 0x59 [0170.525] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv.encrypted", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv.encrypted", lpFilePart=0x0) returned 0x63 [0170.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8fc) returned 1 [0170.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\q5_qihcds.csv"), fInfoLevelId=0x0, lpFileInformation=0x3fe978 | out: lpFileInformation=0x3fe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb86fc2a0, ftCreationTime.dwHighDateTime=0x1d5e64d, ftLastAccessTime.dwLowDateTime=0xb23d4aa0, ftLastAccessTime.dwHighDateTime=0x1d5e167, ftLastWriteTime.dwLowDateTime=0x1a28f240, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5eb0)) returned 1 [0170.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8f8) returned 1 [0170.525] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\q5_qihcds.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\q5_qIHcDS.csv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\q5_qihcds.csv.encrypted")) returned 1 [0170.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0170.527] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH", lpFilePart=0x0) returned 0x50 [0170.527] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\", lpFilePart=0x0) returned 0x51 [0170.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112fb2a0, ftCreationTime.dwHighDateTime=0x1d5df1a, ftLastAccessTime.dwLowDateTime=0xf011bb60, ftLastAccessTime.dwHighDateTime=0x1d5d92c, ftLastWriteTime.dwLowDateTime=0xf011bb60, ftLastWriteTime.dwHighDateTime=0x1d5d92c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcd70 [0170.530] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112fb2a0, ftCreationTime.dwHighDateTime=0x1d5df1a, ftLastAccessTime.dwLowDateTime=0xf011bb60, ftLastAccessTime.dwHighDateTime=0x1d5d92c, ftLastWriteTime.dwLowDateTime=0xf011bb60, ftLastWriteTime.dwHighDateTime=0x1d5d92c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.530] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4066de0, ftCreationTime.dwHighDateTime=0x1d5e675, ftLastAccessTime.dwLowDateTime=0x85822a20, ftLastAccessTime.dwHighDateTime=0x1d5e0aa, ftLastWriteTime.dwLowDateTime=0x85822a20, ftLastWriteTime.dwHighDateTime=0x1d5e0aa, nFileSizeHigh=0x0, nFileSizeLow=0x14f09, dwReserved0=0x0, dwReserved1=0x0, cFileName="EJL9MvsVxvf.ots", cAlternateFileName="EJL9MV~1.OTS")) returned 1 [0170.530] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e112af0, ftCreationTime.dwHighDateTime=0x1d5e529, ftLastAccessTime.dwLowDateTime=0xc354a680, ftLastAccessTime.dwHighDateTime=0x1d5defb, ftLastWriteTime.dwLowDateTime=0xc354a680, ftLastWriteTime.dwHighDateTime=0x1d5defb, nFileSizeHigh=0x0, nFileSizeLow=0x10c27, dwReserved0=0x0, dwReserved1=0x0, cFileName="EnEC8-8loAEpSUfOjq.xlsx", cAlternateFileName="ENEC8-~1.XLS")) returned 1 [0170.530] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfdbfb90, ftCreationTime.dwHighDateTime=0x1d5dbbb, ftLastAccessTime.dwLowDateTime=0x361238f0, ftLastAccessTime.dwHighDateTime=0x1d5dd25, ftLastWriteTime.dwLowDateTime=0x361238f0, ftLastWriteTime.dwHighDateTime=0x1d5dd25, nFileSizeHigh=0x0, nFileSizeLow=0x93cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="it1m.doc", cAlternateFileName="")) returned 1 [0170.530] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea88a70, ftCreationTime.dwHighDateTime=0x1d5e5b4, ftLastAccessTime.dwLowDateTime=0x169d2910, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x169d2910, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jWz6NyW3t0HY4Cspo2L", cAlternateFileName="JWZ6NY~1")) returned 1 [0170.531] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c3c2c90, ftCreationTime.dwHighDateTime=0x1d5e4ca, ftLastAccessTime.dwLowDateTime=0xde5bdae0, ftLastAccessTime.dwHighDateTime=0x1d5e151, ftLastWriteTime.dwLowDateTime=0xde5bdae0, ftLastWriteTime.dwHighDateTime=0x1d5e151, nFileSizeHigh=0x0, nFileSizeLow=0x1891d, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUk iqx9utQs.doc", cAlternateFileName="PUKIQX~1.DOC")) returned 1 [0170.531] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d550770, ftCreationTime.dwHighDateTime=0x1d5e1a0, ftLastAccessTime.dwLowDateTime=0x158a7d60, ftLastAccessTime.dwHighDateTime=0x1d5e782, ftLastWriteTime.dwLowDateTime=0x158a7d60, ftLastWriteTime.dwHighDateTime=0x1d5e782, nFileSizeHigh=0x0, nFileSizeLow=0xec12, dwReserved0=0x0, dwReserved1=0x0, cFileName="tgUfrPp8n0VG6waFUc7s.pps", cAlternateFileName="TGUFRP~1.PPS")) returned 1 [0170.531] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x397596b0, ftCreationTime.dwHighDateTime=0x1d5ddbe, ftLastAccessTime.dwLowDateTime=0x83564b0, ftLastAccessTime.dwHighDateTime=0x1d5dc7c, ftLastWriteTime.dwLowDateTime=0x83564b0, ftLastWriteTime.dwHighDateTime=0x1d5dc7c, nFileSizeHigh=0x0, nFileSizeLow=0x8286, dwReserved0=0x0, dwReserved1=0x0, cFileName="T_6W KhKxXPwGa.pps", cAlternateFileName="T_6WKH~1.PPS")) returned 1 [0170.531] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.531] FindClose (in: hFindFile=0x8dfcd70 | out: hFindFile=0x8dfcd70) returned 1 [0170.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0170.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0170.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0170.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH", lpFilePart=0x0) returned 0x50 [0170.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\", lpFilePart=0x0) returned 0x51 [0170.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112fb2a0, ftCreationTime.dwHighDateTime=0x1d5df1a, ftLastAccessTime.dwLowDateTime=0xf011bb60, ftLastAccessTime.dwHighDateTime=0x1d5d92c, ftLastWriteTime.dwLowDateTime=0xf011bb60, ftLastWriteTime.dwHighDateTime=0x1d5d92c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcd70 [0170.534] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112fb2a0, ftCreationTime.dwHighDateTime=0x1d5df1a, ftLastAccessTime.dwLowDateTime=0xf011bb60, ftLastAccessTime.dwHighDateTime=0x1d5d92c, ftLastWriteTime.dwLowDateTime=0xf011bb60, ftLastWriteTime.dwHighDateTime=0x1d5d92c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.534] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4066de0, ftCreationTime.dwHighDateTime=0x1d5e675, ftLastAccessTime.dwLowDateTime=0x85822a20, ftLastAccessTime.dwHighDateTime=0x1d5e0aa, ftLastWriteTime.dwLowDateTime=0x85822a20, ftLastWriteTime.dwHighDateTime=0x1d5e0aa, nFileSizeHigh=0x0, nFileSizeLow=0x14f09, dwReserved0=0x0, dwReserved1=0x0, cFileName="EJL9MvsVxvf.ots", cAlternateFileName="EJL9MV~1.OTS")) returned 1 [0170.534] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e112af0, ftCreationTime.dwHighDateTime=0x1d5e529, ftLastAccessTime.dwLowDateTime=0xc354a680, ftLastAccessTime.dwHighDateTime=0x1d5defb, ftLastWriteTime.dwLowDateTime=0xc354a680, ftLastWriteTime.dwHighDateTime=0x1d5defb, nFileSizeHigh=0x0, nFileSizeLow=0x10c27, dwReserved0=0x0, dwReserved1=0x0, cFileName="EnEC8-8loAEpSUfOjq.xlsx", cAlternateFileName="ENEC8-~1.XLS")) returned 1 [0170.535] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfdbfb90, ftCreationTime.dwHighDateTime=0x1d5dbbb, ftLastAccessTime.dwLowDateTime=0x361238f0, ftLastAccessTime.dwHighDateTime=0x1d5dd25, ftLastWriteTime.dwLowDateTime=0x361238f0, ftLastWriteTime.dwHighDateTime=0x1d5dd25, nFileSizeHigh=0x0, nFileSizeLow=0x93cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="it1m.doc", cAlternateFileName="")) returned 1 [0170.535] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea88a70, ftCreationTime.dwHighDateTime=0x1d5e5b4, ftLastAccessTime.dwLowDateTime=0x169d2910, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x169d2910, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jWz6NyW3t0HY4Cspo2L", cAlternateFileName="JWZ6NY~1")) returned 1 [0170.535] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c3c2c90, ftCreationTime.dwHighDateTime=0x1d5e4ca, ftLastAccessTime.dwLowDateTime=0xde5bdae0, ftLastAccessTime.dwHighDateTime=0x1d5e151, ftLastWriteTime.dwLowDateTime=0xde5bdae0, ftLastWriteTime.dwHighDateTime=0x1d5e151, nFileSizeHigh=0x0, nFileSizeLow=0x1891d, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUk iqx9utQs.doc", cAlternateFileName="PUKIQX~1.DOC")) returned 1 [0170.535] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d550770, ftCreationTime.dwHighDateTime=0x1d5e1a0, ftLastAccessTime.dwLowDateTime=0x158a7d60, ftLastAccessTime.dwHighDateTime=0x1d5e782, ftLastWriteTime.dwLowDateTime=0x158a7d60, ftLastWriteTime.dwHighDateTime=0x1d5e782, nFileSizeHigh=0x0, nFileSizeLow=0xec12, dwReserved0=0x0, dwReserved1=0x0, cFileName="tgUfrPp8n0VG6waFUc7s.pps", cAlternateFileName="TGUFRP~1.PPS")) returned 1 [0170.536] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x397596b0, ftCreationTime.dwHighDateTime=0x1d5ddbe, ftLastAccessTime.dwLowDateTime=0x83564b0, ftLastAccessTime.dwHighDateTime=0x1d5dc7c, ftLastWriteTime.dwLowDateTime=0x83564b0, ftLastWriteTime.dwHighDateTime=0x1d5dc7c, nFileSizeHigh=0x0, nFileSizeLow=0x8286, dwReserved0=0x0, dwReserved1=0x0, cFileName="T_6W KhKxXPwGa.pps", cAlternateFileName="T_6WKH~1.PPS")) returned 1 [0170.536] FindNextFileW (in: hFindFile=0x8dfcd70, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x397596b0, ftCreationTime.dwHighDateTime=0x1d5ddbe, ftLastAccessTime.dwLowDateTime=0x83564b0, ftLastAccessTime.dwHighDateTime=0x1d5dc7c, ftLastWriteTime.dwLowDateTime=0x83564b0, ftLastWriteTime.dwHighDateTime=0x1d5dc7c, nFileSizeHigh=0x0, nFileSizeLow=0x8286, dwReserved0=0x0, dwReserved1=0x0, cFileName="T_6W KhKxXPwGa.pps", cAlternateFileName="T_6WKH~1.PPS")) returned 0 [0170.536] FindClose (in: hFindFile=0x8dfcd70 | out: hFindFile=0x8dfcd70) returned 1 [0170.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0170.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0170.537] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx", lpFilePart=0x0) returned 0x68 [0170.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\enec8-8loaepsufojq.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.539] GetFileType (hFile=0x4d0) returned 0x1 [0170.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.539] GetFileType (hFile=0x4d0) returned 0x1 [0170.539] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x10c27 [0170.539] ReadFile (in: hFile=0x4d0, lpBuffer=0x2535830, nNumberOfBytesToRead=0x10c27, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x2535830*, lpNumberOfBytesRead=0x3fe8e4*=0x10c27, lpOverlapped=0x0) returned 1 [0170.543] CloseHandle (hObject=0x4d0) returned 1 [0170.588] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.588] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx", lpFilePart=0x0) returned 0x68 [0170.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0170.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\enec8-8loaepsufojq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.590] GetFileType (hFile=0x4d0) returned 0x1 [0170.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0170.590] GetFileType (hFile=0x4d0) returned 0x1 [0170.590] WriteFile (in: hFile=0x4d0, lpBuffer=0x25b4be0*, nNumberOfBytesToWrite=0x10c30, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x25b4be0*, lpNumberOfBytesWritten=0x3fe8d4*=0x10c30, lpOverlapped=0x0) returned 1 [0170.591] CloseHandle (hObject=0x4d0) returned 1 [0170.593] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx", lpFilePart=0x0) returned 0x68 [0170.593] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx.encrypted", lpFilePart=0x0) returned 0x72 [0170.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0170.593] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\enec8-8loaepsufojq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e112af0, ftCreationTime.dwHighDateTime=0x1d5e529, ftLastAccessTime.dwLowDateTime=0xc354a680, ftLastAccessTime.dwHighDateTime=0x1d5defb, ftLastWriteTime.dwLowDateTime=0x1a3277c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x10c30)) returned 1 [0170.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0170.593] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\enec8-8loaepsufojq.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\EnEC8-8loAEpSUfOjq.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\enec8-8loaepsufojq.xlsx.encrypted")) returned 1 [0170.595] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc", lpFilePart=0x0) returned 0x59 [0170.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\it1m.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.596] GetFileType (hFile=0x4d0) returned 0x1 [0170.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.596] GetFileType (hFile=0x4d0) returned 0x1 [0170.596] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x93cd [0170.596] ReadFile (in: hFile=0x4d0, lpBuffer=0x25c5ee0, nNumberOfBytesToRead=0x93cd, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x25c5ee0*, lpNumberOfBytesRead=0x3fe8e4*=0x93cd, lpOverlapped=0x0) returned 1 [0170.597] CloseHandle (hObject=0x4d0) returned 1 [0170.612] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.613] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc", lpFilePart=0x0) returned 0x59 [0170.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0170.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\it1m.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.614] GetFileType (hFile=0x4d0) returned 0x1 [0170.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0170.614] GetFileType (hFile=0x4d0) returned 0x1 [0170.614] WriteFile (in: hFile=0x4d0, lpBuffer=0x2640fa0*, nNumberOfBytesToWrite=0x93d0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x2640fa0*, lpNumberOfBytesWritten=0x3fe8d4*=0x93d0, lpOverlapped=0x0) returned 1 [0170.616] CloseHandle (hObject=0x4d0) returned 1 [0170.617] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc", lpFilePart=0x0) returned 0x59 [0170.617] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc.encrypted", lpFilePart=0x0) returned 0x63 [0170.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0170.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\it1m.doc"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfdbfb90, ftCreationTime.dwHighDateTime=0x1d5dbbb, ftLastAccessTime.dwLowDateTime=0x361238f0, ftLastAccessTime.dwHighDateTime=0x1d5dd25, ftLastWriteTime.dwLowDateTime=0x1a373a80, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x93d0)) returned 1 [0170.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0170.617] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\it1m.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\it1m.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\it1m.doc.encrypted")) returned 1 [0170.618] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc", lpFilePart=0x0) returned 0x61 [0170.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\puk iqx9utqs.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.619] GetFileType (hFile=0x4d0) returned 0x1 [0170.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.619] GetFileType (hFile=0x4d0) returned 0x1 [0170.619] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x1891d [0170.620] ReadFile (in: hFile=0x4d0, lpBuffer=0x400dc10, nNumberOfBytesToRead=0x1891d, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x400dc10*, lpNumberOfBytesRead=0x3fe8e4*=0x1891d, lpOverlapped=0x0) returned 1 [0170.622] CloseHandle (hObject=0x4d0) returned 1 [0170.643] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0170.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0170.643] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc", lpFilePart=0x0) returned 0x61 [0170.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0170.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\puk iqx9utqs.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.645] GetFileType (hFile=0x4d0) returned 0x1 [0170.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0170.645] GetFileType (hFile=0x4d0) returned 0x1 [0170.645] WriteFile (in: hFile=0x4d0, lpBuffer=0x40889f0*, nNumberOfBytesToWrite=0x18920, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x40889f0*, lpNumberOfBytesWritten=0x3fe8d4*=0x18920, lpOverlapped=0x0) returned 1 [0170.648] CloseHandle (hObject=0x4d0) returned 1 [0170.649] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc", lpFilePart=0x0) returned 0x61 [0170.649] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc.encrypted", lpFilePart=0x0) returned 0x6b [0170.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0170.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\puk iqx9utqs.doc"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c3c2c90, ftCreationTime.dwHighDateTime=0x1d5e4ca, ftLastAccessTime.dwLowDateTime=0xde5bdae0, ftLastAccessTime.dwHighDateTime=0x1d5e151, ftLastWriteTime.dwLowDateTime=0x1a3bfd40, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x18920)) returned 1 [0170.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0170.650] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\puk iqx9utqs.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\pUk iqx9utQs.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\puk iqx9utqs.doc.encrypted")) returned 1 [0170.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0170.651] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L", lpFilePart=0x0) returned 0x64 [0170.651] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\", lpFilePart=0x0) returned 0x65 [0170.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea88a70, ftCreationTime.dwHighDateTime=0x1d5e5b4, ftLastAccessTime.dwLowDateTime=0x169d2910, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x169d2910, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcef0 [0170.655] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea88a70, ftCreationTime.dwHighDateTime=0x1d5e5b4, ftLastAccessTime.dwLowDateTime=0x169d2910, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x169d2910, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.655] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef6b87f0, ftCreationTime.dwHighDateTime=0x1d5e56f, ftLastAccessTime.dwLowDateTime=0xf9619910, ftLastAccessTime.dwHighDateTime=0x1d5e75f, ftLastWriteTime.dwLowDateTime=0xf9619910, ftLastWriteTime.dwHighDateTime=0x1d5e75f, nFileSizeHigh=0x0, nFileSizeLow=0x175f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="B5xVdE0-.odp", cAlternateFileName="")) returned 1 [0170.655] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c931380, ftCreationTime.dwHighDateTime=0x1d5e438, ftLastAccessTime.dwLowDateTime=0x652b9e20, ftLastAccessTime.dwHighDateTime=0x1d5e2ab, ftLastWriteTime.dwLowDateTime=0x652b9e20, ftLastWriteTime.dwHighDateTime=0x1d5e2ab, nFileSizeHigh=0x0, nFileSizeLow=0x13526, dwReserved0=0x0, dwReserved1=0x0, cFileName="ivM1Zrvj-k5n O.csv", cAlternateFileName="IVM1ZR~1.CSV")) returned 1 [0170.656] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13d0bda0, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0xb22f6150, ftLastAccessTime.dwHighDateTime=0x1d5df8d, ftLastWriteTime.dwLowDateTime=0xb22f6150, ftLastWriteTime.dwHighDateTime=0x1d5df8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvLJ", cAlternateFileName="")) returned 1 [0170.656] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97f1e030, ftCreationTime.dwHighDateTime=0x1d5dd24, ftLastAccessTime.dwLowDateTime=0x879010c0, ftLastAccessTime.dwHighDateTime=0x1d5e677, ftLastWriteTime.dwLowDateTime=0x879010c0, ftLastWriteTime.dwHighDateTime=0x1d5e677, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="s1CtOvgXxiNQ", cAlternateFileName="S1CTOV~1")) returned 1 [0170.656] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e7d00, ftCreationTime.dwHighDateTime=0x1d5da4e, ftLastAccessTime.dwLowDateTime=0x4acbd980, ftLastAccessTime.dwHighDateTime=0x1d5dff6, ftLastWriteTime.dwLowDateTime=0x4acbd980, ftLastWriteTime.dwHighDateTime=0x1d5dff6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UAbWyI", cAlternateFileName="")) returned 1 [0170.656] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e7d00, ftCreationTime.dwHighDateTime=0x1d5da4e, ftLastAccessTime.dwLowDateTime=0x4acbd980, ftLastAccessTime.dwHighDateTime=0x1d5dff6, ftLastWriteTime.dwLowDateTime=0x4acbd980, ftLastWriteTime.dwHighDateTime=0x1d5dff6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UAbWyI", cAlternateFileName="")) returned 0 [0170.656] FindClose (in: hFindFile=0x8dfcef0 | out: hFindFile=0x8dfcef0) returned 1 [0170.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0170.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0170.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0170.657] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L", lpFilePart=0x0) returned 0x64 [0170.657] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\", lpFilePart=0x0) returned 0x65 [0170.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea88a70, ftCreationTime.dwHighDateTime=0x1d5e5b4, ftLastAccessTime.dwLowDateTime=0x169d2910, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x169d2910, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcef0 [0170.658] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea88a70, ftCreationTime.dwHighDateTime=0x1d5e5b4, ftLastAccessTime.dwLowDateTime=0x169d2910, ftLastAccessTime.dwHighDateTime=0x1d5e2a4, ftLastWriteTime.dwLowDateTime=0x169d2910, ftLastWriteTime.dwHighDateTime=0x1d5e2a4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.658] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef6b87f0, ftCreationTime.dwHighDateTime=0x1d5e56f, ftLastAccessTime.dwLowDateTime=0xf9619910, ftLastAccessTime.dwHighDateTime=0x1d5e75f, ftLastWriteTime.dwLowDateTime=0xf9619910, ftLastWriteTime.dwHighDateTime=0x1d5e75f, nFileSizeHigh=0x0, nFileSizeLow=0x175f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="B5xVdE0-.odp", cAlternateFileName="")) returned 1 [0170.659] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c931380, ftCreationTime.dwHighDateTime=0x1d5e438, ftLastAccessTime.dwLowDateTime=0x652b9e20, ftLastAccessTime.dwHighDateTime=0x1d5e2ab, ftLastWriteTime.dwLowDateTime=0x652b9e20, ftLastWriteTime.dwHighDateTime=0x1d5e2ab, nFileSizeHigh=0x0, nFileSizeLow=0x13526, dwReserved0=0x0, dwReserved1=0x0, cFileName="ivM1Zrvj-k5n O.csv", cAlternateFileName="IVM1ZR~1.CSV")) returned 1 [0170.659] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13d0bda0, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0xb22f6150, ftLastAccessTime.dwHighDateTime=0x1d5df8d, ftLastWriteTime.dwLowDateTime=0xb22f6150, ftLastWriteTime.dwHighDateTime=0x1d5df8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvLJ", cAlternateFileName="")) returned 1 [0170.659] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97f1e030, ftCreationTime.dwHighDateTime=0x1d5dd24, ftLastAccessTime.dwLowDateTime=0x879010c0, ftLastAccessTime.dwHighDateTime=0x1d5e677, ftLastWriteTime.dwLowDateTime=0x879010c0, ftLastWriteTime.dwHighDateTime=0x1d5e677, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="s1CtOvgXxiNQ", cAlternateFileName="S1CTOV~1")) returned 1 [0170.659] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e7d00, ftCreationTime.dwHighDateTime=0x1d5da4e, ftLastAccessTime.dwLowDateTime=0x4acbd980, ftLastAccessTime.dwHighDateTime=0x1d5dff6, ftLastWriteTime.dwLowDateTime=0x4acbd980, ftLastWriteTime.dwHighDateTime=0x1d5dff6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UAbWyI", cAlternateFileName="")) returned 1 [0170.659] FindNextFileW (in: hFindFile=0x8dfcef0, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.659] FindClose (in: hFindFile=0x8dfcef0 | out: hFindFile=0x8dfcef0) returned 1 [0170.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0170.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0170.660] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv", lpFilePart=0x0) returned 0x77 [0170.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0170.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\ivm1zrvj-k5n o.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.661] GetFileType (hFile=0x4d0) returned 0x1 [0170.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0170.661] GetFileType (hFile=0x4d0) returned 0x1 [0170.661] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x13526 [0170.661] ReadFile (in: hFile=0x4d0, lpBuffer=0x269b1cc, nNumberOfBytesToRead=0x13526, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x269b1cc*, lpNumberOfBytesRead=0x3fe8a4*=0x13526, lpOverlapped=0x0) returned 1 [0170.730] CloseHandle (hObject=0x4d0) returned 1 [0170.778] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0170.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0170.778] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv", lpFilePart=0x0) returned 0x77 [0170.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0170.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\ivm1zrvj-k5n o.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.779] GetFileType (hFile=0x4d0) returned 0x1 [0170.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0170.779] GetFileType (hFile=0x4d0) returned 0x1 [0170.780] WriteFile (in: hFile=0x4d0, lpBuffer=0x25422fc*, nNumberOfBytesToWrite=0x13530, lpNumberOfBytesWritten=0x3fe894, lpOverlapped=0x0 | out: lpBuffer=0x25422fc*, lpNumberOfBytesWritten=0x3fe894*=0x13530, lpOverlapped=0x0) returned 1 [0170.781] CloseHandle (hObject=0x4d0) returned 1 [0170.785] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv", lpFilePart=0x0) returned 0x77 [0170.785] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv.encrypted", lpFilePart=0x0) returned 0x81 [0170.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0170.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\ivm1zrvj-k5n o.csv"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c931380, ftCreationTime.dwHighDateTime=0x1d5e438, ftLastAccessTime.dwLowDateTime=0x652b9e20, ftLastAccessTime.dwHighDateTime=0x1d5e2ab, ftLastWriteTime.dwLowDateTime=0x1a4f0840, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x13530)) returned 1 [0170.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0170.785] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\ivm1zrvj-k5n o.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\ivM1Zrvj-k5n O.csv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\ivm1zrvj-k5n o.csv.encrypted")) returned 1 [0170.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8c8) returned 1 [0170.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ", lpFilePart=0x0) returned 0x69 [0170.787] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\", lpFilePart=0x0) returned 0x6a [0170.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\*", lpFindFileData=0x3fe5f0 | out: lpFindFileData=0x3fe5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13d0bda0, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0xb22f6150, ftLastAccessTime.dwHighDateTime=0x1d5df8d, ftLastWriteTime.dwLowDateTime=0xb22f6150, ftLastWriteTime.dwHighDateTime=0x1d5df8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcf70 [0170.787] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13d0bda0, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0xb22f6150, ftLastAccessTime.dwHighDateTime=0x1d5df8d, ftLastWriteTime.dwLowDateTime=0xb22f6150, ftLastWriteTime.dwHighDateTime=0x1d5df8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.787] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aff92d0, ftCreationTime.dwHighDateTime=0x1d5e1ad, ftLastAccessTime.dwLowDateTime=0x7c76c030, ftLastAccessTime.dwHighDateTime=0x1d5e325, ftLastWriteTime.dwLowDateTime=0x7c76c030, ftLastWriteTime.dwHighDateTime=0x1d5e325, nFileSizeHigh=0x0, nFileSizeLow=0xdab9, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ro4esLdTdhW.csv", cAlternateFileName="6RO4ES~1.CSV")) returned 1 [0170.788] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3aad750, ftCreationTime.dwHighDateTime=0x1d5e2e1, ftLastAccessTime.dwLowDateTime=0x5ca7d6b0, ftLastAccessTime.dwHighDateTime=0x1d5dc52, ftLastWriteTime.dwLowDateTime=0x5ca7d6b0, ftLastWriteTime.dwHighDateTime=0x1d5dc52, nFileSizeHigh=0x0, nFileSizeLow=0xfed2, dwReserved0=0x0, dwReserved1=0x0, cFileName="YB4q_D-.odp", cAlternateFileName="")) returned 1 [0170.788] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a266a10, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0xa12d1f30, ftLastAccessTime.dwHighDateTime=0x1d5e269, ftLastWriteTime.dwLowDateTime=0xa12d1f30, ftLastWriteTime.dwHighDateTime=0x1d5e269, nFileSizeHigh=0x0, nFileSizeLow=0x171b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="yinQ7bIGt8.ots", cAlternateFileName="YINQ7B~1.OTS")) returned 1 [0170.788] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.788] FindClose (in: hFindFile=0x8dfcf70 | out: hFindFile=0x8dfcf70) returned 1 [0170.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe888) returned 1 [0170.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8c8) returned 1 [0170.788] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ", lpFilePart=0x0) returned 0x69 [0170.788] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\", lpFilePart=0x0) returned 0x6a [0170.788] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\*", lpFindFileData=0x3fe5f0 | out: lpFindFileData=0x3fe5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13d0bda0, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0xb22f6150, ftLastAccessTime.dwHighDateTime=0x1d5df8d, ftLastWriteTime.dwLowDateTime=0xb22f6150, ftLastWriteTime.dwHighDateTime=0x1d5df8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcf70 [0170.788] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13d0bda0, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0xb22f6150, ftLastAccessTime.dwHighDateTime=0x1d5df8d, ftLastWriteTime.dwLowDateTime=0xb22f6150, ftLastWriteTime.dwHighDateTime=0x1d5df8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.789] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aff92d0, ftCreationTime.dwHighDateTime=0x1d5e1ad, ftLastAccessTime.dwLowDateTime=0x7c76c030, ftLastAccessTime.dwHighDateTime=0x1d5e325, ftLastWriteTime.dwLowDateTime=0x7c76c030, ftLastWriteTime.dwHighDateTime=0x1d5e325, nFileSizeHigh=0x0, nFileSizeLow=0xdab9, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ro4esLdTdhW.csv", cAlternateFileName="6RO4ES~1.CSV")) returned 1 [0170.789] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3aad750, ftCreationTime.dwHighDateTime=0x1d5e2e1, ftLastAccessTime.dwLowDateTime=0x5ca7d6b0, ftLastAccessTime.dwHighDateTime=0x1d5dc52, ftLastWriteTime.dwLowDateTime=0x5ca7d6b0, ftLastWriteTime.dwHighDateTime=0x1d5dc52, nFileSizeHigh=0x0, nFileSizeLow=0xfed2, dwReserved0=0x0, dwReserved1=0x0, cFileName="YB4q_D-.odp", cAlternateFileName="")) returned 1 [0170.789] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a266a10, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0xa12d1f30, ftLastAccessTime.dwHighDateTime=0x1d5e269, ftLastWriteTime.dwLowDateTime=0xa12d1f30, ftLastWriteTime.dwHighDateTime=0x1d5e269, nFileSizeHigh=0x0, nFileSizeLow=0x171b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="yinQ7bIGt8.ots", cAlternateFileName="YINQ7B~1.OTS")) returned 1 [0170.789] FindNextFileW (in: hFindFile=0x8dfcf70, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a266a10, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0xa12d1f30, ftLastAccessTime.dwHighDateTime=0x1d5e269, ftLastWriteTime.dwLowDateTime=0xa12d1f30, ftLastWriteTime.dwHighDateTime=0x1d5e269, nFileSizeHigh=0x0, nFileSizeLow=0x171b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="yinQ7bIGt8.ots", cAlternateFileName="YINQ7B~1.OTS")) returned 0 [0170.789] FindClose (in: hFindFile=0x8dfcf70 | out: hFindFile=0x8dfcf70) returned 1 [0170.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe888) returned 1 [0170.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.790] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv", lpFilePart=0x0) returned 0x7a [0170.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0170.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\mvlj\\6ro4esldtdhw.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.791] GetFileType (hFile=0x4d0) returned 0x1 [0170.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0170.791] GetFileType (hFile=0x4d0) returned 0x1 [0170.791] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0xdab9 [0170.792] ReadFile (in: hFile=0x4d0, lpBuffer=0x2558c3c, nNumberOfBytesToRead=0xdab9, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x2558c3c*, lpNumberOfBytesRead=0x3fe864*=0xdab9, lpOverlapped=0x0) returned 1 [0170.793] CloseHandle (hObject=0x4d0) returned 1 [0170.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.811] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.811] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv", lpFilePart=0x0) returned 0x7a [0170.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0170.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\mvlj\\6ro4esldtdhw.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.812] GetFileType (hFile=0x4d0) returned 0x1 [0170.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0170.812] GetFileType (hFile=0x4d0) returned 0x1 [0170.812] WriteFile (in: hFile=0x4d0, lpBuffer=0x25ceb9c*, nNumberOfBytesToWrite=0xdac0, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x25ceb9c*, lpNumberOfBytesWritten=0x3fe854*=0xdac0, lpOverlapped=0x0) returned 1 [0170.814] CloseHandle (hObject=0x4d0) returned 1 [0170.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv", lpFilePart=0x0) returned 0x7a [0170.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv.encrypted", lpFilePart=0x0) returned 0x84 [0170.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0170.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\mvlj\\6ro4esldtdhw.csv"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aff92d0, ftCreationTime.dwHighDateTime=0x1d5e1ad, ftLastAccessTime.dwLowDateTime=0x7c76c030, ftLastAccessTime.dwHighDateTime=0x1d5e325, ftLastWriteTime.dwLowDateTime=0x1a53cb00, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xdac0)) returned 1 [0170.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0170.815] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\mvlj\\6ro4esldtdhw.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\mvLJ\\6ro4esLdTdhW.csv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\mvlj\\6ro4esldtdhw.csv.encrypted")) returned 1 [0170.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8c8) returned 1 [0170.817] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ", lpFilePart=0x0) returned 0x71 [0170.817] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\", lpFilePart=0x0) returned 0x72 [0170.817] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\*", lpFindFileData=0x3fe5f0 | out: lpFindFileData=0x3fe5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97f1e030, ftCreationTime.dwHighDateTime=0x1d5dd24, ftLastAccessTime.dwLowDateTime=0x879010c0, ftLastAccessTime.dwHighDateTime=0x1d5e677, ftLastWriteTime.dwLowDateTime=0x879010c0, ftLastWriteTime.dwHighDateTime=0x1d5e677, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcff0 [0170.820] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97f1e030, ftCreationTime.dwHighDateTime=0x1d5dd24, ftLastAccessTime.dwLowDateTime=0x879010c0, ftLastAccessTime.dwHighDateTime=0x1d5e677, ftLastWriteTime.dwLowDateTime=0x879010c0, ftLastWriteTime.dwHighDateTime=0x1d5e677, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.820] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb152f20, ftCreationTime.dwHighDateTime=0x1d5de08, ftLastAccessTime.dwLowDateTime=0x7f659d80, ftLastAccessTime.dwHighDateTime=0x1d5e66c, ftLastWriteTime.dwLowDateTime=0x7f659d80, ftLastWriteTime.dwHighDateTime=0x1d5e66c, nFileSizeHigh=0x0, nFileSizeLow=0x9781, dwReserved0=0x0, dwReserved1=0x0, cFileName="3DiWbcJjnvk hj-Pi.ppt", cAlternateFileName="3DIWBC~1.PPT")) returned 1 [0170.820] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa48d6880, ftCreationTime.dwHighDateTime=0x1d5d966, ftLastAccessTime.dwLowDateTime=0xe38776c0, ftLastAccessTime.dwHighDateTime=0x1d5e3b1, ftLastWriteTime.dwLowDateTime=0xe38776c0, ftLastWriteTime.dwHighDateTime=0x1d5e3b1, nFileSizeHigh=0x0, nFileSizeLow=0xe45e, dwReserved0=0x0, dwReserved1=0x0, cFileName="OHb vrtCriruE.pps", cAlternateFileName="OHBVRT~1.PPS")) returned 1 [0170.820] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x217c45f0, ftCreationTime.dwHighDateTime=0x1d5db65, ftLastAccessTime.dwLowDateTime=0xe976c500, ftLastAccessTime.dwHighDateTime=0x1d5e225, ftLastWriteTime.dwLowDateTime=0xe976c500, ftLastWriteTime.dwHighDateTime=0x1d5e225, nFileSizeHigh=0x0, nFileSizeLow=0x10abb, dwReserved0=0x0, dwReserved1=0x0, cFileName="PwjCZbBF8izkVTaY7.pdf", cAlternateFileName="PWJCZB~1.PDF")) returned 1 [0170.820] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd685e900, ftCreationTime.dwHighDateTime=0x1d5e4a3, ftLastAccessTime.dwLowDateTime=0xe1e2e040, ftLastAccessTime.dwHighDateTime=0x1d5d8b5, ftLastWriteTime.dwLowDateTime=0xe1e2e040, ftLastWriteTime.dwHighDateTime=0x1d5d8b5, nFileSizeHigh=0x0, nFileSizeLow=0xe558, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuOrBUR7n.pdf", cAlternateFileName="QUORBU~1.PDF")) returned 1 [0170.820] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d28eec0, ftCreationTime.dwHighDateTime=0x1d5d7ff, ftLastAccessTime.dwLowDateTime=0x45810a20, ftLastAccessTime.dwHighDateTime=0x1d5e2aa, ftLastWriteTime.dwLowDateTime=0x45810a20, ftLastWriteTime.dwHighDateTime=0x1d5e2aa, nFileSizeHigh=0x0, nFileSizeLow=0x178ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZfXMBSQYzU5Y.ods", cAlternateFileName="ZFXMBS~1.ODS")) returned 1 [0170.820] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.821] FindClose (in: hFindFile=0x8dfcff0 | out: hFindFile=0x8dfcff0) returned 1 [0170.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe888) returned 1 [0170.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.821] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8c8) returned 1 [0170.821] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ", lpFilePart=0x0) returned 0x71 [0170.821] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\", lpFilePart=0x0) returned 0x72 [0170.822] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\*", lpFindFileData=0x3fe5f0 | out: lpFindFileData=0x3fe5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97f1e030, ftCreationTime.dwHighDateTime=0x1d5dd24, ftLastAccessTime.dwLowDateTime=0x879010c0, ftLastAccessTime.dwHighDateTime=0x1d5e677, ftLastWriteTime.dwLowDateTime=0x879010c0, ftLastWriteTime.dwHighDateTime=0x1d5e677, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfcff0 [0170.822] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x97f1e030, ftCreationTime.dwHighDateTime=0x1d5dd24, ftLastAccessTime.dwLowDateTime=0x879010c0, ftLastAccessTime.dwHighDateTime=0x1d5e677, ftLastWriteTime.dwLowDateTime=0x879010c0, ftLastWriteTime.dwHighDateTime=0x1d5e677, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.823] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb152f20, ftCreationTime.dwHighDateTime=0x1d5de08, ftLastAccessTime.dwLowDateTime=0x7f659d80, ftLastAccessTime.dwHighDateTime=0x1d5e66c, ftLastWriteTime.dwLowDateTime=0x7f659d80, ftLastWriteTime.dwHighDateTime=0x1d5e66c, nFileSizeHigh=0x0, nFileSizeLow=0x9781, dwReserved0=0x0, dwReserved1=0x0, cFileName="3DiWbcJjnvk hj-Pi.ppt", cAlternateFileName="3DIWBC~1.PPT")) returned 1 [0170.823] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa48d6880, ftCreationTime.dwHighDateTime=0x1d5d966, ftLastAccessTime.dwLowDateTime=0xe38776c0, ftLastAccessTime.dwHighDateTime=0x1d5e3b1, ftLastWriteTime.dwLowDateTime=0xe38776c0, ftLastWriteTime.dwHighDateTime=0x1d5e3b1, nFileSizeHigh=0x0, nFileSizeLow=0xe45e, dwReserved0=0x0, dwReserved1=0x0, cFileName="OHb vrtCriruE.pps", cAlternateFileName="OHBVRT~1.PPS")) returned 1 [0170.823] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x217c45f0, ftCreationTime.dwHighDateTime=0x1d5db65, ftLastAccessTime.dwLowDateTime=0xe976c500, ftLastAccessTime.dwHighDateTime=0x1d5e225, ftLastWriteTime.dwLowDateTime=0xe976c500, ftLastWriteTime.dwHighDateTime=0x1d5e225, nFileSizeHigh=0x0, nFileSizeLow=0x10abb, dwReserved0=0x0, dwReserved1=0x0, cFileName="PwjCZbBF8izkVTaY7.pdf", cAlternateFileName="PWJCZB~1.PDF")) returned 1 [0170.823] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd685e900, ftCreationTime.dwHighDateTime=0x1d5e4a3, ftLastAccessTime.dwLowDateTime=0xe1e2e040, ftLastAccessTime.dwHighDateTime=0x1d5d8b5, ftLastWriteTime.dwLowDateTime=0xe1e2e040, ftLastWriteTime.dwHighDateTime=0x1d5d8b5, nFileSizeHigh=0x0, nFileSizeLow=0xe558, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuOrBUR7n.pdf", cAlternateFileName="QUORBU~1.PDF")) returned 1 [0170.823] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d28eec0, ftCreationTime.dwHighDateTime=0x1d5d7ff, ftLastAccessTime.dwLowDateTime=0x45810a20, ftLastAccessTime.dwHighDateTime=0x1d5e2aa, ftLastWriteTime.dwLowDateTime=0x45810a20, ftLastWriteTime.dwHighDateTime=0x1d5e2aa, nFileSizeHigh=0x0, nFileSizeLow=0x178ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZfXMBSQYzU5Y.ods", cAlternateFileName="ZFXMBS~1.ODS")) returned 1 [0170.823] FindNextFileW (in: hFindFile=0x8dfcff0, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d28eec0, ftCreationTime.dwHighDateTime=0x1d5d7ff, ftLastAccessTime.dwLowDateTime=0x45810a20, ftLastAccessTime.dwHighDateTime=0x1d5e2aa, ftLastWriteTime.dwLowDateTime=0x45810a20, ftLastWriteTime.dwHighDateTime=0x1d5e2aa, nFileSizeHigh=0x0, nFileSizeLow=0x178ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZfXMBSQYzU5Y.ods", cAlternateFileName="ZFXMBS~1.ODS")) returned 0 [0170.824] FindClose (in: hFindFile=0x8dfcff0 | out: hFindFile=0x8dfcff0) returned 1 [0170.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe888) returned 1 [0170.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt", lpFilePart=0x0) returned 0x87 [0170.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0170.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\3diwbcjjnvk hj-pi.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.826] GetFileType (hFile=0x4d0) returned 0x1 [0170.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0170.826] GetFileType (hFile=0x4d0) returned 0x1 [0170.826] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0x9781 [0170.826] ReadFile (in: hFile=0x4d0, lpBuffer=0x25e0918, nNumberOfBytesToRead=0x9781, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x25e0918*, lpNumberOfBytesRead=0x3fe864*=0x9781, lpOverlapped=0x0) returned 1 [0170.828] CloseHandle (hObject=0x4d0) returned 1 [0170.843] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.843] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt", lpFilePart=0x0) returned 0x87 [0170.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0170.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\3diwbcjjnvk hj-pi.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.845] GetFileType (hFile=0x4d0) returned 0x1 [0170.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0170.845] GetFileType (hFile=0x4d0) returned 0x1 [0170.845] WriteFile (in: hFile=0x4d0, lpBuffer=0x265cc98*, nNumberOfBytesToWrite=0x9790, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x265cc98*, lpNumberOfBytesWritten=0x3fe854*=0x9790, lpOverlapped=0x0) returned 1 [0170.846] CloseHandle (hObject=0x4d0) returned 1 [0170.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt", lpFilePart=0x0) returned 0x87 [0170.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt.encrypted", lpFilePart=0x0) returned 0x91 [0170.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0170.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\3diwbcjjnvk hj-pi.ppt"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb152f20, ftCreationTime.dwHighDateTime=0x1d5de08, ftLastAccessTime.dwLowDateTime=0x7f659d80, ftLastAccessTime.dwHighDateTime=0x1d5e66c, ftLastWriteTime.dwLowDateTime=0x1a588dc0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x9790)) returned 1 [0170.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0170.848] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\3diwbcjjnvk hj-pi.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\3DiWbcJjnvk hj-Pi.ppt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\3diwbcjjnvk hj-pi.ppt.encrypted")) returned 1 [0170.849] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf", lpFilePart=0x0) returned 0x87 [0170.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0170.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\pwjczbbf8izkvtay7.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.850] GetFileType (hFile=0x4d0) returned 0x1 [0170.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0170.851] GetFileType (hFile=0x4d0) returned 0x1 [0170.851] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0x10abb [0170.851] ReadFile (in: hFile=0x4d0, lpBuffer=0x2666c70, nNumberOfBytesToRead=0x10abb, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x2666c70*, lpNumberOfBytesRead=0x3fe864*=0x10abb, lpOverlapped=0x0) returned 1 [0170.853] CloseHandle (hObject=0x4d0) returned 1 [0170.876] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.877] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf", lpFilePart=0x0) returned 0x87 [0170.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0170.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\pwjczbbf8izkvtay7.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.878] GetFileType (hFile=0x4d0) returned 0x1 [0170.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0170.879] GetFileType (hFile=0x4d0) returned 0x1 [0170.879] WriteFile (in: hFile=0x4d0, lpBuffer=0x26e5a74*, nNumberOfBytesToWrite=0x10ac0, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x26e5a74*, lpNumberOfBytesWritten=0x3fe854*=0x10ac0, lpOverlapped=0x0) returned 1 [0170.881] CloseHandle (hObject=0x4d0) returned 1 [0170.882] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf", lpFilePart=0x0) returned 0x87 [0170.883] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf.encrypted", lpFilePart=0x0) returned 0x91 [0170.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0170.883] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\pwjczbbf8izkvtay7.pdf"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x217c45f0, ftCreationTime.dwHighDateTime=0x1d5db65, ftLastAccessTime.dwLowDateTime=0xe976c500, ftLastAccessTime.dwHighDateTime=0x1d5e225, ftLastWriteTime.dwLowDateTime=0x1a5fb1e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x10ac0)) returned 1 [0170.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0170.883] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\pwjczbbf8izkvtay7.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\PwjCZbBF8izkVTaY7.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\pwjczbbf8izkvtay7.pdf.encrypted")) returned 1 [0170.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf", lpFilePart=0x0) returned 0x7f [0170.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0170.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\quorbur7n.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.886] GetFileType (hFile=0x4d0) returned 0x1 [0170.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0170.886] GetFileType (hFile=0x4d0) returned 0x1 [0170.886] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0xe558 [0170.886] ReadFile (in: hFile=0x4d0, lpBuffer=0x26f6d44, nNumberOfBytesToRead=0xe558, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x26f6d44*, lpNumberOfBytesRead=0x3fe864*=0xe558, lpOverlapped=0x0) returned 1 [0170.888] CloseHandle (hObject=0x4d0) returned 1 [0170.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.913] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.913] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf", lpFilePart=0x0) returned 0x7f [0170.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0170.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\quorbur7n.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.915] GetFileType (hFile=0x4d0) returned 0x1 [0170.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0170.915] GetFileType (hFile=0x4d0) returned 0x1 [0170.915] WriteFile (in: hFile=0x4d0, lpBuffer=0x276eb24*, nNumberOfBytesToWrite=0xe560, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x276eb24*, lpNumberOfBytesWritten=0x3fe854*=0xe560, lpOverlapped=0x0) returned 1 [0170.917] CloseHandle (hObject=0x4d0) returned 1 [0170.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf", lpFilePart=0x0) returned 0x7f [0170.919] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf.encrypted", lpFilePart=0x0) returned 0x89 [0170.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0170.919] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\quorbur7n.pdf"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd685e900, ftCreationTime.dwHighDateTime=0x1d5e4a3, ftLastAccessTime.dwLowDateTime=0xe1e2e040, ftLastAccessTime.dwHighDateTime=0x1d5d8b5, ftLastWriteTime.dwLowDateTime=0x1a6474a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xe560)) returned 1 [0170.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0170.919] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\quorbur7n.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\s1CtOvgXxiNQ\\QuOrBUR7n.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\s1ctovgxxinq\\quorbur7n.pdf.encrypted")) returned 1 [0170.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8c8) returned 1 [0170.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI", lpFilePart=0x0) returned 0x6b [0170.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\", lpFilePart=0x0) returned 0x6c [0170.921] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\*", lpFindFileData=0x3fe5f0 | out: lpFindFileData=0x3fe5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e7d00, ftCreationTime.dwHighDateTime=0x1d5da4e, ftLastAccessTime.dwLowDateTime=0x4acbd980, ftLastAccessTime.dwHighDateTime=0x1d5dff6, ftLastWriteTime.dwLowDateTime=0x4acbd980, ftLastWriteTime.dwHighDateTime=0x1d5dff6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd170 [0170.924] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e7d00, ftCreationTime.dwHighDateTime=0x1d5da4e, ftLastAccessTime.dwLowDateTime=0x4acbd980, ftLastAccessTime.dwHighDateTime=0x1d5dff6, ftLastWriteTime.dwLowDateTime=0x4acbd980, ftLastWriteTime.dwHighDateTime=0x1d5dff6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.925] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x684fe050, ftCreationTime.dwHighDateTime=0x1d5d9de, ftLastAccessTime.dwLowDateTime=0xcdd174c0, ftLastAccessTime.dwHighDateTime=0x1d5d7e0, ftLastWriteTime.dwLowDateTime=0xcdd174c0, ftLastWriteTime.dwHighDateTime=0x1d5d7e0, nFileSizeHigh=0x0, nFileSizeLow=0x1efd, dwReserved0=0x0, dwReserved1=0x0, cFileName="93HBiA.xlsx", cAlternateFileName="93HBIA~1.XLS")) returned 1 [0170.925] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83e57760, ftCreationTime.dwHighDateTime=0x1d5deb8, ftLastAccessTime.dwLowDateTime=0x980f8ab0, ftLastAccessTime.dwHighDateTime=0x1d5da4d, ftLastWriteTime.dwLowDateTime=0x980f8ab0, ftLastWriteTime.dwHighDateTime=0x1d5da4d, nFileSizeHigh=0x0, nFileSizeLow=0x10bd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="b4MkLbJxgEL6kSQJx-.odp", cAlternateFileName="B4MKLB~1.ODP")) returned 1 [0170.925] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66b35b00, ftCreationTime.dwHighDateTime=0x1d5d7f4, ftLastAccessTime.dwLowDateTime=0x2ecda6b0, ftLastAccessTime.dwHighDateTime=0x1d5db4a, ftLastWriteTime.dwLowDateTime=0x2ecda6b0, ftLastWriteTime.dwHighDateTime=0x1d5db4a, nFileSizeHigh=0x0, nFileSizeLow=0x15bef, dwReserved0=0x0, dwReserved1=0x0, cFileName="H0sX8o.doc", cAlternateFileName="")) returned 1 [0170.925] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f34ef90, ftCreationTime.dwHighDateTime=0x1d5e677, ftLastAccessTime.dwLowDateTime=0x15de27d0, ftLastAccessTime.dwHighDateTime=0x1d5e241, ftLastWriteTime.dwLowDateTime=0x15de27d0, ftLastWriteTime.dwHighDateTime=0x1d5e241, nFileSizeHigh=0x0, nFileSizeLow=0xdabf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGHUQ3pKCae8l1yK.doc", cAlternateFileName="SGHUQ3~1.DOC")) returned 1 [0170.925] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8ad5800, ftCreationTime.dwHighDateTime=0x1d5e80d, ftLastAccessTime.dwLowDateTime=0xb6bb1d30, ftLastAccessTime.dwHighDateTime=0x1d5dddb, ftLastWriteTime.dwLowDateTime=0xb6bb1d30, ftLastWriteTime.dwHighDateTime=0x1d5dddb, nFileSizeHigh=0x0, nFileSizeLow=0x15c72, dwReserved0=0x0, dwReserved1=0x0, cFileName="yz3CSFifAc0Do808qo.odt", cAlternateFileName="YZ3CSF~1.ODT")) returned 1 [0170.925] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f5bd8f0, ftCreationTime.dwHighDateTime=0x1d5e031, ftLastAccessTime.dwLowDateTime=0x958f2b10, ftLastAccessTime.dwHighDateTime=0x1d5e506, ftLastWriteTime.dwLowDateTime=0x958f2b10, ftLastWriteTime.dwHighDateTime=0x1d5e506, nFileSizeHigh=0x0, nFileSizeLow=0x9a98, dwReserved0=0x0, dwReserved1=0x0, cFileName="zJZc i jaEdrZ.xlsx", cAlternateFileName="ZJZCIJ~1.XLS")) returned 1 [0170.926] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0170.926] FindClose (in: hFindFile=0x8dfd170 | out: hFindFile=0x8dfd170) returned 1 [0170.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe888) returned 1 [0170.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8c8) returned 1 [0170.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI", lpFilePart=0x0) returned 0x6b [0170.927] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\", lpFilePart=0x0) returned 0x6c [0170.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\*", lpFindFileData=0x3fe5f0 | out: lpFindFileData=0x3fe5f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e7d00, ftCreationTime.dwHighDateTime=0x1d5da4e, ftLastAccessTime.dwLowDateTime=0x4acbd980, ftLastAccessTime.dwHighDateTime=0x1d5dff6, ftLastWriteTime.dwLowDateTime=0x4acbd980, ftLastWriteTime.dwHighDateTime=0x1d5dff6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd170 [0170.928] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e7d00, ftCreationTime.dwHighDateTime=0x1d5da4e, ftLastAccessTime.dwLowDateTime=0x4acbd980, ftLastAccessTime.dwHighDateTime=0x1d5dff6, ftLastWriteTime.dwLowDateTime=0x4acbd980, ftLastWriteTime.dwHighDateTime=0x1d5dff6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.928] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x684fe050, ftCreationTime.dwHighDateTime=0x1d5d9de, ftLastAccessTime.dwLowDateTime=0xcdd174c0, ftLastAccessTime.dwHighDateTime=0x1d5d7e0, ftLastWriteTime.dwLowDateTime=0xcdd174c0, ftLastWriteTime.dwHighDateTime=0x1d5d7e0, nFileSizeHigh=0x0, nFileSizeLow=0x1efd, dwReserved0=0x0, dwReserved1=0x0, cFileName="93HBiA.xlsx", cAlternateFileName="93HBIA~1.XLS")) returned 1 [0170.929] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83e57760, ftCreationTime.dwHighDateTime=0x1d5deb8, ftLastAccessTime.dwLowDateTime=0x980f8ab0, ftLastAccessTime.dwHighDateTime=0x1d5da4d, ftLastWriteTime.dwLowDateTime=0x980f8ab0, ftLastWriteTime.dwHighDateTime=0x1d5da4d, nFileSizeHigh=0x0, nFileSizeLow=0x10bd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="b4MkLbJxgEL6kSQJx-.odp", cAlternateFileName="B4MKLB~1.ODP")) returned 1 [0170.929] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66b35b00, ftCreationTime.dwHighDateTime=0x1d5d7f4, ftLastAccessTime.dwLowDateTime=0x2ecda6b0, ftLastAccessTime.dwHighDateTime=0x1d5db4a, ftLastWriteTime.dwLowDateTime=0x2ecda6b0, ftLastWriteTime.dwHighDateTime=0x1d5db4a, nFileSizeHigh=0x0, nFileSizeLow=0x15bef, dwReserved0=0x0, dwReserved1=0x0, cFileName="H0sX8o.doc", cAlternateFileName="")) returned 1 [0170.929] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f34ef90, ftCreationTime.dwHighDateTime=0x1d5e677, ftLastAccessTime.dwLowDateTime=0x15de27d0, ftLastAccessTime.dwHighDateTime=0x1d5e241, ftLastWriteTime.dwLowDateTime=0x15de27d0, ftLastWriteTime.dwHighDateTime=0x1d5e241, nFileSizeHigh=0x0, nFileSizeLow=0xdabf, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGHUQ3pKCae8l1yK.doc", cAlternateFileName="SGHUQ3~1.DOC")) returned 1 [0170.929] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8ad5800, ftCreationTime.dwHighDateTime=0x1d5e80d, ftLastAccessTime.dwLowDateTime=0xb6bb1d30, ftLastAccessTime.dwHighDateTime=0x1d5dddb, ftLastWriteTime.dwLowDateTime=0xb6bb1d30, ftLastWriteTime.dwHighDateTime=0x1d5dddb, nFileSizeHigh=0x0, nFileSizeLow=0x15c72, dwReserved0=0x0, dwReserved1=0x0, cFileName="yz3CSFifAc0Do808qo.odt", cAlternateFileName="YZ3CSF~1.ODT")) returned 1 [0170.930] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f5bd8f0, ftCreationTime.dwHighDateTime=0x1d5e031, ftLastAccessTime.dwLowDateTime=0x958f2b10, ftLastAccessTime.dwHighDateTime=0x1d5e506, ftLastWriteTime.dwLowDateTime=0x958f2b10, ftLastWriteTime.dwHighDateTime=0x1d5e506, nFileSizeHigh=0x0, nFileSizeLow=0x9a98, dwReserved0=0x0, dwReserved1=0x0, cFileName="zJZc i jaEdrZ.xlsx", cAlternateFileName="ZJZCIJ~1.XLS")) returned 1 [0170.930] FindNextFileW (in: hFindFile=0x8dfd170, lpFindFileData=0x3fe600 | out: lpFindFileData=0x3fe600*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f5bd8f0, ftCreationTime.dwHighDateTime=0x1d5e031, ftLastAccessTime.dwLowDateTime=0x958f2b10, ftLastAccessTime.dwHighDateTime=0x1d5e506, ftLastWriteTime.dwLowDateTime=0x958f2b10, ftLastWriteTime.dwHighDateTime=0x1d5e506, nFileSizeHigh=0x0, nFileSizeLow=0x9a98, dwReserved0=0x0, dwReserved1=0x0, cFileName="zJZc i jaEdrZ.xlsx", cAlternateFileName="ZJZCIJ~1.XLS")) returned 0 [0170.930] FindClose (in: hFindFile=0x8dfd170 | out: hFindFile=0x8dfd170) returned 1 [0170.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe888) returned 1 [0170.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0170.931] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx", lpFilePart=0x0) returned 0x77 [0170.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0170.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\93hbia.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.933] GetFileType (hFile=0x4d0) returned 0x1 [0170.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0170.933] GetFileType (hFile=0x4d0) returned 0x1 [0170.933] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0x1efd [0170.933] ReadFile (in: hFile=0x4d0, lpBuffer=0x27815e8, nNumberOfBytesToRead=0x1efd, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x27815e8*, lpNumberOfBytesRead=0x3fe864*=0x1efd, lpOverlapped=0x0) returned 1 [0170.935] CloseHandle (hObject=0x4d0) returned 1 [0170.996] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0170.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0170.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0170.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0170.997] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx", lpFilePart=0x0) returned 0x77 [0170.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0170.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\93hbia.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0170.998] GetFileType (hFile=0x4d0) returned 0x1 [0170.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0170.998] GetFileType (hFile=0x4d0) returned 0x1 [0170.998] WriteFile (in: hFile=0x4d0, lpBuffer=0x2568db8*, nNumberOfBytesToWrite=0x1f00, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x2568db8*, lpNumberOfBytesWritten=0x3fe854*=0x1f00, lpOverlapped=0x0) returned 1 [0171.000] CloseHandle (hObject=0x4d0) returned 1 [0171.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx", lpFilePart=0x0) returned 0x77 [0171.001] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx.encrypted", lpFilePart=0x0) returned 0x81 [0171.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0171.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\93hbia.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x684fe050, ftCreationTime.dwHighDateTime=0x1d5d9de, ftLastAccessTime.dwLowDateTime=0xcdd174c0, ftLastAccessTime.dwHighDateTime=0x1d5d7e0, ftLastWriteTime.dwLowDateTime=0x1a705b80, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1f00)) returned 1 [0171.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0171.002] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\93hbia.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\93HBiA.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\93hbia.xlsx.encrypted")) returned 1 [0171.005] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc", lpFilePart=0x0) returned 0x76 [0171.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0171.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\h0sx8o.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.006] GetFileType (hFile=0x4d0) returned 0x1 [0171.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0171.006] GetFileType (hFile=0x4d0) returned 0x1 [0171.006] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0x15bef [0171.007] ReadFile (in: hFile=0x4d0, lpBuffer=0x4121350, nNumberOfBytesToRead=0x15bef, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x4121350*, lpNumberOfBytesRead=0x3fe864*=0x15bef, lpOverlapped=0x0) returned 1 [0171.069] CloseHandle (hObject=0x4d0) returned 1 [0171.097] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0171.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0171.098] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc", lpFilePart=0x0) returned 0x76 [0171.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0171.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\h0sx8o.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.100] GetFileType (hFile=0x4d0) returned 0x1 [0171.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0171.100] GetFileType (hFile=0x4d0) returned 0x1 [0171.100] WriteFile (in: hFile=0x4d0, lpBuffer=0x418df40*, nNumberOfBytesToWrite=0x15bf0, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x418df40*, lpNumberOfBytesWritten=0x3fe854*=0x15bf0, lpOverlapped=0x0) returned 1 [0171.102] CloseHandle (hObject=0x4d0) returned 1 [0171.104] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc", lpFilePart=0x0) returned 0x76 [0171.104] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc.encrypted", lpFilePart=0x0) returned 0x80 [0171.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0171.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\h0sx8o.doc"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66b35b00, ftCreationTime.dwHighDateTime=0x1d5d7f4, ftLastAccessTime.dwLowDateTime=0x2ecda6b0, ftLastAccessTime.dwHighDateTime=0x1d5db4a, ftLastWriteTime.dwLowDateTime=0x1a810520, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x15bf0)) returned 1 [0171.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0171.105] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\h0sx8o.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\H0sX8o.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\h0sx8o.doc.encrypted")) returned 1 [0171.106] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc", lpFilePart=0x0) returned 0x80 [0171.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0171.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\sghuq3pkcae8l1yk.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.108] GetFileType (hFile=0x4d0) returned 0x1 [0171.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0171.108] GetFileType (hFile=0x4d0) returned 0x1 [0171.108] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0xdabf [0171.108] ReadFile (in: hFile=0x4d0, lpBuffer=0x25b8ad8, nNumberOfBytesToRead=0xdabf, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x25b8ad8*, lpNumberOfBytesRead=0x3fe864*=0xdabf, lpOverlapped=0x0) returned 1 [0171.110] CloseHandle (hObject=0x4d0) returned 1 [0171.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0171.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0171.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc", lpFilePart=0x0) returned 0x80 [0171.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0171.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\sghuq3pkcae8l1yk.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.136] GetFileType (hFile=0x4d0) returned 0x1 [0171.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0171.136] GetFileType (hFile=0x4d0) returned 0x1 [0171.136] WriteFile (in: hFile=0x4d0, lpBuffer=0x262e8dc*, nNumberOfBytesToWrite=0xdac0, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x262e8dc*, lpNumberOfBytesWritten=0x3fe854*=0xdac0, lpOverlapped=0x0) returned 1 [0171.138] CloseHandle (hObject=0x4d0) returned 1 [0171.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc", lpFilePart=0x0) returned 0x80 [0171.140] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc.encrypted", lpFilePart=0x0) returned 0x8a [0171.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0171.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\sghuq3pkcae8l1yk.doc"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f34ef90, ftCreationTime.dwHighDateTime=0x1d5e677, ftLastAccessTime.dwLowDateTime=0x15de27d0, ftLastAccessTime.dwHighDateTime=0x1d5e241, ftLastWriteTime.dwLowDateTime=0x1a85c7e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xdac0)) returned 1 [0171.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0171.140] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\sghuq3pkcae8l1yk.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\SGHUQ3pKCae8l1yK.doc.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\sghuq3pkcae8l1yk.doc.encrypted")) returned 1 [0171.142] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt", lpFilePart=0x0) returned 0x82 [0171.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0171.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\yz3csfifac0do808qo.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.142] GetFileType (hFile=0x4d0) returned 0x1 [0171.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0171.142] GetFileType (hFile=0x4d0) returned 0x1 [0171.142] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0x15c72 [0171.143] ReadFile (in: hFile=0x4d0, lpBuffer=0x41bf0d0, nNumberOfBytesToRead=0x15c72, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x41bf0d0*, lpNumberOfBytesRead=0x3fe864*=0x15c72, lpOverlapped=0x0) returned 1 [0171.176] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0171.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0171.177] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt", lpFilePart=0x0) returned 0x82 [0171.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0171.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\yz3csfifac0do808qo.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.179] GetFileType (hFile=0x4d0) returned 0x1 [0171.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0171.179] GetFileType (hFile=0x4d0) returned 0x1 [0171.179] WriteFile (in: hFile=0x4d0, lpBuffer=0x422bf80*, nNumberOfBytesToWrite=0x15c80, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x422bf80*, lpNumberOfBytesWritten=0x3fe854*=0x15c80, lpOverlapped=0x0) returned 1 [0171.182] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt", lpFilePart=0x0) returned 0x82 [0171.182] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt.encrypted", lpFilePart=0x0) returned 0x8c [0171.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0171.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\yz3csfifac0do808qo.odt"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8ad5800, ftCreationTime.dwHighDateTime=0x1d5e80d, ftLastAccessTime.dwLowDateTime=0xb6bb1d30, ftLastAccessTime.dwHighDateTime=0x1d5dddb, ftLastWriteTime.dwLowDateTime=0x1a8cec00, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x15c80)) returned 1 [0171.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0171.182] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\yz3csfifac0do808qo.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\yz3CSFifAc0Do808qo.odt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\yz3csfifac0do808qo.odt.encrypted")) returned 1 [0171.185] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx", nBufferLength=0x105, lpBuffer=0x3fe2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx", lpFilePart=0x0) returned 0x7e [0171.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7b0) returned 1 [0171.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\zjzc i jaedrz.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.186] GetFileType (hFile=0x4d0) returned 0x1 [0171.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ac) returned 1 [0171.186] GetFileType (hFile=0x4d0) returned 0x1 [0171.186] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe8b8 | out: lpFileSizeHigh=0x3fe8b8*=0x0) returned 0x9a98 [0171.186] ReadFile (in: hFile=0x4d0, lpBuffer=0x268a158, nNumberOfBytesToRead=0x9a98, lpNumberOfBytesRead=0x3fe864, lpOverlapped=0x0 | out: lpBuffer=0x268a158*, lpNumberOfBytesRead=0x3fe864*=0x9a98, lpOverlapped=0x0) returned 1 [0171.212] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0171.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ac | out: lpFileInformation=0x3fe8ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0171.212] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx", nBufferLength=0x105, lpBuffer=0x3fe2a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx", lpFilePart=0x0) returned 0x7e [0171.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe798) returned 1 [0171.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\zjzc i jaedrz.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.214] GetFileType (hFile=0x4d0) returned 0x1 [0171.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe794) returned 1 [0171.214] GetFileType (hFile=0x4d0) returned 0x1 [0171.214] WriteFile (in: hFile=0x4d0, lpBuffer=0x2707424*, nNumberOfBytesToWrite=0x9aa0, lpNumberOfBytesWritten=0x3fe854, lpOverlapped=0x0 | out: lpBuffer=0x2707424*, lpNumberOfBytesWritten=0x3fe854*=0x9aa0, lpOverlapped=0x0) returned 1 [0171.216] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx", lpFilePart=0x0) returned 0x7e [0171.216] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe3dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx.encrypted", lpFilePart=0x0) returned 0x88 [0171.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe83c) returned 1 [0171.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\zjzc i jaedrz.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x3fe8b8 | out: lpFileInformation=0x3fe8b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f5bd8f0, ftCreationTime.dwHighDateTime=0x1d5e031, ftLastAccessTime.dwLowDateTime=0x958f2b10, ftLastAccessTime.dwHighDateTime=0x1d5e506, ftLastWriteTime.dwLowDateTime=0x1a91aec0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x9aa0)) returned 1 [0171.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe838) returned 1 [0171.216] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\zjzc i jaedrz.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MqiJ9nf_bQCiklH\\Lh-fmvDxe3XRZzV7__u\\EmgH\\jWz6NyW3t0HY4Cspo2L\\UAbWyI\\zJZc i jaEdrZ.xlsx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mqij9nf_bqciklh\\lh-fmvdxe3xrzzv7__u\\emgh\\jwz6nyw3t0hy4cspo2l\\uabwyi\\zjzc i jaedrz.xlsx.encrypted")) returned 1 [0171.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.219] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpFilePart=0x0) returned 0x30 [0171.219] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\", lpFilePart=0x0) returned 0x31 [0171.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0171.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe98c) returned 1 [0171.230] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.230] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpFilePart=0x0) returned 0x33 [0171.230] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\", lpFilePart=0x0) returned 0x34 [0171.230] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0171.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe98c) returned 1 [0171.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.232] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpFilePart=0x0) returned 0x31 [0171.232] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpFilePart=0x0) returned 0x32 [0171.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd3f0 [0171.236] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.236] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0171.236] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0171.237] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0171.237] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0171.237] FindClose (in: hFindFile=0x8dfd3f0 | out: hFindFile=0x8dfd3f0) returned 1 [0171.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpFilePart=0x0) returned 0x31 [0171.237] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\", lpFilePart=0x0) returned 0x32 [0171.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd3f0 [0171.238] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.238] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0171.238] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0171.238] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0171.238] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.239] FindClose (in: hFindFile=0x8dfd3f0 | out: hFindFile=0x8dfd3f0) returned 1 [0171.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0171.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x3a [0171.239] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpFilePart=0x0) returned 0x3b [0171.239] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd3f0 [0171.240] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.241] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0171.241] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.241] FindClose (in: hFindFile=0x8dfd3f0 | out: hFindFile=0x8dfd3f0) returned 1 [0171.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0171.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0171.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0171.241] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x3a [0171.241] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\", lpFilePart=0x0) returned 0x3b [0171.241] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd3f0 [0171.242] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.242] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0171.242] FindNextFileW (in: hFindFile=0x8dfd3f0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0171.242] FindClose (in: hFindFile=0x8dfd3f0 | out: hFindFile=0x8dfd3f0) returned 1 [0171.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0171.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0171.243] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0x3fe37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x45 [0171.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0171.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.244] GetFileType (hFile=0x4d0) returned 0x1 [0171.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0171.244] GetFileType (hFile=0x4d0) returned 0x1 [0171.244] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe978 | out: lpFileSizeHigh=0x3fe978*=0x0) returned 0x74e6 [0171.244] ReadFile (in: hFile=0x4d0, lpBuffer=0x2715df4, nNumberOfBytesToRead=0x74e6, lpNumberOfBytesRead=0x3fe924, lpOverlapped=0x0 | out: lpBuffer=0x2715df4*, lpNumberOfBytesRead=0x3fe924*=0x74e6, lpOverlapped=0x0) returned 1 [0171.246] CloseHandle (hObject=0x4d0) returned 1 [0171.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.310] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe96c | out: lpFileInformation=0x3fe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.311] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0x3fe364, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x45 [0171.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe858) returned 1 [0171.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0171.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fd690) returned 1 [0171.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.316] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpFilePart=0x0) returned 0x31 [0171.316] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\", lpFilePart=0x0) returned 0x32 [0171.316] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0171.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe98c) returned 1 [0171.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.318] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x35 [0171.318] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x36 [0171.318] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd470 [0171.320] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.320] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0171.320] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.320] FindClose (in: hFindFile=0x8dfd470 | out: hFindFile=0x8dfd470) returned 1 [0171.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.320] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x35 [0171.320] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x36 [0171.321] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd470 [0171.321] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.321] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0171.321] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0171.321] FindClose (in: hFindFile=0x8dfd470 | out: hFindFile=0x8dfd470) returned 1 [0171.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H", lpFilePart=0x0) returned 0x3b [0171.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\", lpFilePart=0x0) returned 0x3c [0171.322] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x518a84b0, ftCreationTime.dwHighDateTime=0x1d5e5c8, ftLastAccessTime.dwLowDateTime=0x33c31260, ftLastAccessTime.dwHighDateTime=0x1d5e7a5, ftLastWriteTime.dwLowDateTime=0x33c31260, ftLastWriteTime.dwHighDateTime=0x1d5e7a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd470 [0171.325] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x518a84b0, ftCreationTime.dwHighDateTime=0x1d5e5c8, ftLastAccessTime.dwLowDateTime=0x33c31260, ftLastAccessTime.dwHighDateTime=0x1d5e7a5, ftLastWriteTime.dwLowDateTime=0x33c31260, ftLastWriteTime.dwHighDateTime=0x1d5e7a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.325] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f39dc50, ftCreationTime.dwHighDateTime=0x1d5deae, ftLastAccessTime.dwLowDateTime=0xb6a5fec0, ftLastAccessTime.dwHighDateTime=0x1d5deb0, ftLastWriteTime.dwLowDateTime=0xb6a5fec0, ftLastWriteTime.dwHighDateTime=0x1d5deb0, nFileSizeHigh=0x0, nFileSizeLow=0xa352, dwReserved0=0x0, dwReserved1=0x0, cFileName="JtjBA9KpXXb8ddEZtam1.pdf", cAlternateFileName="JTJBA9~1.PDF")) returned 1 [0171.325] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x554711e0, ftCreationTime.dwHighDateTime=0x1d5da1f, ftLastAccessTime.dwLowDateTime=0x29336b20, ftLastAccessTime.dwHighDateTime=0x1d5e4ca, ftLastWriteTime.dwLowDateTime=0x29336b20, ftLastWriteTime.dwHighDateTime=0x1d5e4ca, nFileSizeHigh=0x0, nFileSizeLow=0x594c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OZn6bCmH.pptx", cAlternateFileName="OZN6BC~1.PPT")) returned 1 [0171.325] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded14a90, ftCreationTime.dwHighDateTime=0x1d5e747, ftLastAccessTime.dwLowDateTime=0xfc5b67c0, ftLastAccessTime.dwHighDateTime=0x1d5de01, ftLastWriteTime.dwLowDateTime=0xfc5b67c0, ftLastWriteTime.dwHighDateTime=0x1d5de01, nFileSizeHigh=0x0, nFileSizeLow=0xfa5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnR2UY.ppt", cAlternateFileName="")) returned 1 [0171.325] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.325] FindClose (in: hFindFile=0x8dfd470 | out: hFindFile=0x8dfd470) returned 1 [0171.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.327] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.327] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H", lpFilePart=0x0) returned 0x3b [0171.327] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\", lpFilePart=0x0) returned 0x3c [0171.327] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x518a84b0, ftCreationTime.dwHighDateTime=0x1d5e5c8, ftLastAccessTime.dwLowDateTime=0x33c31260, ftLastAccessTime.dwHighDateTime=0x1d5e7a5, ftLastWriteTime.dwLowDateTime=0x33c31260, ftLastWriteTime.dwHighDateTime=0x1d5e7a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd470 [0171.328] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x518a84b0, ftCreationTime.dwHighDateTime=0x1d5e5c8, ftLastAccessTime.dwLowDateTime=0x33c31260, ftLastAccessTime.dwHighDateTime=0x1d5e7a5, ftLastWriteTime.dwLowDateTime=0x33c31260, ftLastWriteTime.dwHighDateTime=0x1d5e7a5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.328] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f39dc50, ftCreationTime.dwHighDateTime=0x1d5deae, ftLastAccessTime.dwLowDateTime=0xb6a5fec0, ftLastAccessTime.dwHighDateTime=0x1d5deb0, ftLastWriteTime.dwLowDateTime=0xb6a5fec0, ftLastWriteTime.dwHighDateTime=0x1d5deb0, nFileSizeHigh=0x0, nFileSizeLow=0xa352, dwReserved0=0x0, dwReserved1=0x0, cFileName="JtjBA9KpXXb8ddEZtam1.pdf", cAlternateFileName="JTJBA9~1.PDF")) returned 1 [0171.328] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x554711e0, ftCreationTime.dwHighDateTime=0x1d5da1f, ftLastAccessTime.dwLowDateTime=0x29336b20, ftLastAccessTime.dwHighDateTime=0x1d5e4ca, ftLastWriteTime.dwLowDateTime=0x29336b20, ftLastWriteTime.dwHighDateTime=0x1d5e4ca, nFileSizeHigh=0x0, nFileSizeLow=0x594c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OZn6bCmH.pptx", cAlternateFileName="OZN6BC~1.PPT")) returned 1 [0171.329] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded14a90, ftCreationTime.dwHighDateTime=0x1d5e747, ftLastAccessTime.dwLowDateTime=0xfc5b67c0, ftLastAccessTime.dwHighDateTime=0x1d5de01, ftLastWriteTime.dwLowDateTime=0xfc5b67c0, ftLastWriteTime.dwHighDateTime=0x1d5de01, nFileSizeHigh=0x0, nFileSizeLow=0xfa5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnR2UY.ppt", cAlternateFileName="")) returned 1 [0171.329] FindNextFileW (in: hFindFile=0x8dfd470, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded14a90, ftCreationTime.dwHighDateTime=0x1d5e747, ftLastAccessTime.dwLowDateTime=0xfc5b67c0, ftLastAccessTime.dwHighDateTime=0x1d5de01, ftLastWriteTime.dwLowDateTime=0xfc5b67c0, ftLastWriteTime.dwHighDateTime=0x1d5de01, nFileSizeHigh=0x0, nFileSizeLow=0xfa5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PnR2UY.ppt", cAlternateFileName="")) returned 0 [0171.329] FindClose (in: hFindFile=0x8dfd470 | out: hFindFile=0x8dfd470) returned 1 [0171.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.330] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf", lpFilePart=0x0) returned 0x54 [0171.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0171.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\jtjba9kpxxb8ddeztam1.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.334] GetFileType (hFile=0x4d0) returned 0x1 [0171.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0171.334] GetFileType (hFile=0x4d0) returned 0x1 [0171.334] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0xa352 [0171.334] ReadFile (in: hFile=0x4d0, lpBuffer=0x2591224, nNumberOfBytesToRead=0xa352, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x2591224*, lpNumberOfBytesRead=0x3fe964*=0xa352, lpOverlapped=0x0) returned 1 [0171.336] CloseHandle (hObject=0x4d0) returned 1 [0171.396] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0171.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0171.396] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf", lpFilePart=0x0) returned 0x54 [0171.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0171.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\jtjba9kpxxb8ddeztam1.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.398] GetFileType (hFile=0x4d0) returned 0x1 [0171.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0171.398] GetFileType (hFile=0x4d0) returned 0x1 [0171.398] WriteFile (in: hFile=0x4d0, lpBuffer=0x2611210*, nNumberOfBytesToWrite=0xa360, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x2611210*, lpNumberOfBytesWritten=0x3fe954*=0xa360, lpOverlapped=0x0) returned 1 [0171.400] CloseHandle (hObject=0x4d0) returned 1 [0171.402] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf", lpFilePart=0x0) returned 0x54 [0171.402] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf.encrypted", lpFilePart=0x0) returned 0x5e [0171.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0171.402] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\jtjba9kpxxb8ddeztam1.pdf"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f39dc50, ftCreationTime.dwHighDateTime=0x1d5deae, ftLastAccessTime.dwLowDateTime=0xb6a5fec0, ftLastAccessTime.dwHighDateTime=0x1d5deb0, ftLastWriteTime.dwLowDateTime=0x1aae3f40, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xa360)) returned 1 [0171.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0171.402] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\jtjba9kpxxb8ddeztam1.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\JtjBA9KpXXb8ddEZtam1.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\jtjba9kpxxb8ddeztam1.pdf.encrypted")) returned 1 [0171.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx", lpFilePart=0x0) returned 0x49 [0171.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0171.404] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\ozn6bcmh.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.404] GetFileType (hFile=0x4d0) returned 0x1 [0171.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0171.404] GetFileType (hFile=0x4d0) returned 0x1 [0171.404] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x594c [0171.404] ReadFile (in: hFile=0x4d0, lpBuffer=0x261bb8c, nNumberOfBytesToRead=0x594c, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x261bb8c*, lpNumberOfBytesRead=0x3fe964*=0x594c, lpOverlapped=0x0) returned 1 [0171.406] CloseHandle (hObject=0x4d0) returned 1 [0171.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0171.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0171.429] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx", lpFilePart=0x0) returned 0x49 [0171.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0171.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\ozn6bcmh.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.431] GetFileType (hFile=0x4d0) returned 0x1 [0171.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0171.431] GetFileType (hFile=0x4d0) returned 0x1 [0171.431] WriteFile (in: hFile=0x4d0, lpBuffer=0x26847c8*, nNumberOfBytesToWrite=0x5950, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x26847c8*, lpNumberOfBytesWritten=0x3fe954*=0x5950, lpOverlapped=0x0) returned 1 [0171.432] CloseHandle (hObject=0x4d0) returned 1 [0171.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx", lpFilePart=0x0) returned 0x49 [0171.434] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx.encrypted", lpFilePart=0x0) returned 0x53 [0171.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0171.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\ozn6bcmh.pptx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x554711e0, ftCreationTime.dwHighDateTime=0x1d5da1f, ftLastAccessTime.dwLowDateTime=0x29336b20, ftLastAccessTime.dwHighDateTime=0x1d5e4ca, ftLastWriteTime.dwLowDateTime=0x1ab30200, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5950)) returned 1 [0171.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0171.434] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\ozn6bcmh.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\OZn6bCmH.pptx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\ozn6bcmh.pptx.encrypted")) returned 1 [0171.436] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt", lpFilePart=0x0) returned 0x46 [0171.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0171.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\pnr2uy.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.436] GetFileType (hFile=0x4d0) returned 0x1 [0171.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0171.436] GetFileType (hFile=0x4d0) returned 0x1 [0171.436] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0xfa5d [0171.436] ReadFile (in: hFile=0x4d0, lpBuffer=0x268a6b4, nNumberOfBytesToRead=0xfa5d, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x268a6b4*, lpNumberOfBytesRead=0x3fe964*=0xfa5d, lpOverlapped=0x0) returned 1 [0171.439] CloseHandle (hObject=0x4d0) returned 1 [0171.471] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0171.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0171.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt", lpFilePart=0x0) returned 0x46 [0171.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0171.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\pnr2uy.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.473] GetFileType (hFile=0x4d0) returned 0x1 [0171.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0171.473] GetFileType (hFile=0x4d0) returned 0x1 [0171.473] WriteFile (in: hFile=0x4d0, lpBuffer=0x2706398*, nNumberOfBytesToWrite=0xfa60, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x2706398*, lpNumberOfBytesWritten=0x3fe954*=0xfa60, lpOverlapped=0x0) returned 1 [0171.475] CloseHandle (hObject=0x4d0) returned 1 [0171.476] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt", lpFilePart=0x0) returned 0x46 [0171.476] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt.encrypted", lpFilePart=0x0) returned 0x50 [0171.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0171.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\pnr2uy.ppt"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xded14a90, ftCreationTime.dwHighDateTime=0x1d5e747, ftLastAccessTime.dwLowDateTime=0xfc5b67c0, ftLastAccessTime.dwHighDateTime=0x1d5de01, ftLastWriteTime.dwLowDateTime=0x1aba2620, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xfa60)) returned 1 [0171.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0171.477] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\pnr2uy.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ygHeErUigNgnJVNED2H\\PnR2UY.ppt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ygheeruigngnjvned2h\\pnr2uy.ppt.encrypted")) returned 1 [0171.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea08) returned 1 [0171.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0171.478] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x3fe4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0171.478] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x3fe730 | out: lpFindFileData=0x3fe730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd5f0 [0171.478] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.478] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc17de020, ftCreationTime.dwHighDateTime=0x1d5dc89, ftLastAccessTime.dwLowDateTime=0xb0a8640, ftLastAccessTime.dwHighDateTime=0x1d5da22, ftLastWriteTime.dwLowDateTime=0xb0a8640, ftLastWriteTime.dwHighDateTime=0x1d5da22, nFileSizeHigh=0x0, nFileSizeLow=0x2b0f, dwReserved0=0x0, dwReserved1=0x0, cFileName="11 amZT.bmp", cAlternateFileName="11AMZT~1.BMP")) returned 1 [0171.478] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x688a9850, ftCreationTime.dwHighDateTime=0x1d5e4b3, ftLastAccessTime.dwLowDateTime=0xd111a370, ftLastAccessTime.dwHighDateTime=0x1d5d813, ftLastWriteTime.dwLowDateTime=0xd111a370, ftLastWriteTime.dwHighDateTime=0x1d5d813, nFileSizeHigh=0x0, nFileSizeLow=0x14483, dwReserved0=0x0, dwReserved1=0x0, cFileName="171LAwMf.wav", cAlternateFileName="")) returned 1 [0171.479] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d5ad110, ftCreationTime.dwHighDateTime=0x1d5e827, ftLastAccessTime.dwLowDateTime=0x8f5a1660, ftLastAccessTime.dwHighDateTime=0x1d5d94e, ftLastWriteTime.dwLowDateTime=0x8f5a1660, ftLastWriteTime.dwHighDateTime=0x1d5d94e, nFileSizeHigh=0x0, nFileSizeLow=0x12072, dwReserved0=0x0, dwReserved1=0x0, cFileName="2UApL72d4Lx_9lsytRC.m4a", cAlternateFileName="2UAPL7~1.M4A")) returned 1 [0171.479] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf33b9500, ftCreationTime.dwHighDateTime=0x1d5e088, ftLastAccessTime.dwLowDateTime=0xe964c1e0, ftLastAccessTime.dwHighDateTime=0x1d5e19c, ftLastWriteTime.dwLowDateTime=0xe964c1e0, ftLastWriteTime.dwHighDateTime=0x1d5e19c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6PXVy", cAlternateFileName="")) returned 1 [0171.479] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82368a20, ftCreationTime.dwHighDateTime=0x1d5de50, ftLastAccessTime.dwLowDateTime=0xa5ed6450, ftLastAccessTime.dwHighDateTime=0x1d5e825, ftLastWriteTime.dwLowDateTime=0xa5ed6450, ftLastWriteTime.dwHighDateTime=0x1d5e825, nFileSizeHigh=0x0, nFileSizeLow=0xf911, dwReserved0=0x0, dwReserved1=0x0, cFileName="9z BNXadSRyumUU0baz.pdf", cAlternateFileName="9ZBNXA~1.PDF")) returned 1 [0171.479] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc5b2070, ftCreationTime.dwHighDateTime=0x1d5e223, ftLastAccessTime.dwLowDateTime=0xe79625e0, ftLastAccessTime.dwHighDateTime=0x1d5db19, ftLastWriteTime.dwLowDateTime=0xe79625e0, ftLastWriteTime.dwHighDateTime=0x1d5db19, nFileSizeHigh=0x0, nFileSizeLow=0x8507, dwReserved0=0x0, dwReserved1=0x0, cFileName="aBrZzs5ng_1R8u.gif", cAlternateFileName="ABRZZS~1.GIF")) returned 1 [0171.479] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0814250, ftCreationTime.dwHighDateTime=0x1d5e1ba, ftLastAccessTime.dwLowDateTime=0xbd1d3bc0, ftLastAccessTime.dwHighDateTime=0x1d5da31, ftLastWriteTime.dwLowDateTime=0xbd1d3bc0, ftLastWriteTime.dwHighDateTime=0x1d5da31, nFileSizeHigh=0x0, nFileSizeLow=0xbc10, dwReserved0=0x0, dwReserved1=0x0, cFileName="b0HlHon-oT.wav", cAlternateFileName="B0HLHO~1.WAV")) returned 1 [0171.479] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e00a650, ftCreationTime.dwHighDateTime=0x1d5da4b, ftLastAccessTime.dwLowDateTime=0xdd5cbef0, ftLastAccessTime.dwHighDateTime=0x1d5e194, ftLastWriteTime.dwLowDateTime=0xdd5cbef0, ftLastWriteTime.dwHighDateTime=0x1d5e194, nFileSizeHigh=0x0, nFileSizeLow=0x4228, dwReserved0=0x0, dwReserved1=0x0, cFileName="BHVSR2nrHR.swf", cAlternateFileName="BHVSR2~1.SWF")) returned 1 [0171.479] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96432260, ftCreationTime.dwHighDateTime=0x1d5da3d, ftLastAccessTime.dwLowDateTime=0x85ad7c00, ftLastAccessTime.dwHighDateTime=0x1d5e6a1, ftLastWriteTime.dwLowDateTime=0x85ad7c00, ftLastWriteTime.dwHighDateTime=0x1d5e6a1, nFileSizeHigh=0x0, nFileSizeLow=0xc975, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dj_bS2T.gif", cAlternateFileName="")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa24222d0, ftCreationTime.dwHighDateTime=0x1d5df62, ftLastAccessTime.dwLowDateTime=0xe957dc30, ftLastAccessTime.dwHighDateTime=0x1d5e7d4, ftLastWriteTime.dwLowDateTime=0xe957dc30, ftLastWriteTime.dwHighDateTime=0x1d5e7d4, nFileSizeHigh=0x0, nFileSizeLow=0xa193, dwReserved0=0x0, dwReserved1=0x0, cFileName="fLh1h.mp4", cAlternateFileName="")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2ca4e20, ftCreationTime.dwHighDateTime=0x1d5d800, ftLastAccessTime.dwLowDateTime=0x69f2f080, ftLastAccessTime.dwHighDateTime=0x1d5e5e8, ftLastWriteTime.dwLowDateTime=0x69f2f080, ftLastWriteTime.dwHighDateTime=0x1d5e5e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IKufslt2XxHzBF", cAlternateFileName="IKUFSL~1")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8886530, ftCreationTime.dwHighDateTime=0x1d5e73a, ftLastAccessTime.dwLowDateTime=0x64c88250, ftLastAccessTime.dwHighDateTime=0x1d5da62, ftLastWriteTime.dwLowDateTime=0x64c88250, ftLastWriteTime.dwHighDateTime=0x1d5da62, nFileSizeHigh=0x0, nFileSizeLow=0x6ca4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jMRsqHAJXiCvPJUEHiVF.odp", cAlternateFileName="JMRSQH~1.ODP")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30547a0, ftCreationTime.dwHighDateTime=0x1d5df90, ftLastAccessTime.dwLowDateTime=0x25e0250, ftLastAccessTime.dwHighDateTime=0x1d5dda7, ftLastWriteTime.dwLowDateTime=0x25e0250, ftLastWriteTime.dwHighDateTime=0x1d5dda7, nFileSizeHigh=0x0, nFileSizeLow=0x14571, dwReserved0=0x0, dwReserved1=0x0, cFileName="JxIX KIkfig.mp3", cAlternateFileName="JXIXKI~1.MP3")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d874a0, ftCreationTime.dwHighDateTime=0x1d5dbdc, ftLastAccessTime.dwLowDateTime=0x70fcf960, ftLastAccessTime.dwHighDateTime=0x1d5df81, ftLastWriteTime.dwLowDateTime=0x70fcf960, ftLastWriteTime.dwHighDateTime=0x1d5df81, nFileSizeHigh=0x0, nFileSizeLow=0x77bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="lcnY6.odt", cAlternateFileName="")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabdaa850, ftCreationTime.dwHighDateTime=0x1d5e7ad, ftLastAccessTime.dwLowDateTime=0x77ee8120, ftLastAccessTime.dwHighDateTime=0x1d5e563, ftLastWriteTime.dwLowDateTime=0x77ee8120, ftLastWriteTime.dwHighDateTime=0x1d5e563, nFileSizeHigh=0x0, nFileSizeLow=0x13afd, dwReserved0=0x0, dwReserved1=0x0, cFileName="NndaMDJ2WTycEHtt.wav", cAlternateFileName="NNDAMD~1.WAV")) returned 1 [0171.480] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1441200, ftCreationTime.dwHighDateTime=0x1d5dc68, ftLastAccessTime.dwLowDateTime=0x5bfb61a0, ftLastAccessTime.dwHighDateTime=0x1d5e477, ftLastWriteTime.dwLowDateTime=0x5bfb61a0, ftLastWriteTime.dwHighDateTime=0x1d5e477, nFileSizeHigh=0x0, nFileSizeLow=0x674e, dwReserved0=0x0, dwReserved1=0x0, cFileName="oJ7vzKNpgMsl0uVGqMh.swf", cAlternateFileName="OJ7VZK~1.SWF")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cf875d0, ftCreationTime.dwHighDateTime=0x1d5da7e, ftLastAccessTime.dwLowDateTime=0x1c1bca50, ftLastAccessTime.dwHighDateTime=0x1d5d8f8, ftLastWriteTime.dwLowDateTime=0x1c1bca50, ftLastWriteTime.dwHighDateTime=0x1d5d8f8, nFileSizeHigh=0x0, nFileSizeLow=0x13fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="prku.wav", cAlternateFileName="")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd3de140, ftCreationTime.dwHighDateTime=0x1d5e039, ftLastAccessTime.dwLowDateTime=0x13680de0, ftLastAccessTime.dwHighDateTime=0x1d5d7b0, ftLastWriteTime.dwLowDateTime=0x13680de0, ftLastWriteTime.dwHighDateTime=0x1d5d7b0, nFileSizeHigh=0x0, nFileSizeLow=0x6fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHDjl.ots", cAlternateFileName="")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52fa6b60, ftCreationTime.dwHighDateTime=0x1d5e5a7, ftLastAccessTime.dwLowDateTime=0xcd86d660, ftLastAccessTime.dwHighDateTime=0x1d5e445, ftLastWriteTime.dwLowDateTime=0xcd86d660, ftLastWriteTime.dwHighDateTime=0x1d5e445, nFileSizeHigh=0x0, nFileSizeLow=0x11981, dwReserved0=0x0, dwReserved1=0x0, cFileName="SLhbapLWmFHB.ots", cAlternateFileName="SLHBAP~1.OTS")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda476260, ftCreationTime.dwHighDateTime=0x1d5e004, ftLastAccessTime.dwLowDateTime=0xf88312d0, ftLastAccessTime.dwHighDateTime=0x1d5d85f, ftLastWriteTime.dwLowDateTime=0xf88312d0, ftLastWriteTime.dwHighDateTime=0x1d5d85f, nFileSizeHigh=0x0, nFileSizeLow=0x9d07, dwReserved0=0x0, dwReserved1=0x0, cFileName="TDlN83c0KGj.mp3", cAlternateFileName="TDLN83~1.MP3")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e9ecdd0, ftCreationTime.dwHighDateTime=0x1d5e404, ftLastAccessTime.dwLowDateTime=0x58010e90, ftLastAccessTime.dwHighDateTime=0x1d5e5a0, ftLastWriteTime.dwLowDateTime=0x58010e90, ftLastWriteTime.dwHighDateTime=0x1d5e5a0, nFileSizeHigh=0x0, nFileSizeLow=0x33c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="UcSOyBqED80uXtOfttsj.m4a", cAlternateFileName="UCSOYB~1.M4A")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8455a5a0, ftCreationTime.dwHighDateTime=0x1d5da97, ftLastAccessTime.dwLowDateTime=0xadd5230, ftLastAccessTime.dwHighDateTime=0x1d5da16, ftLastWriteTime.dwLowDateTime=0xadd5230, ftLastWriteTime.dwHighDateTime=0x1d5da16, nFileSizeHigh=0x0, nFileSizeLow=0x143c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ULak.mp4", cAlternateFileName="")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5a59f80, ftCreationTime.dwHighDateTime=0x1d5f0a8, ftLastAccessTime.dwLowDateTime=0xb63e3600, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xb3dbdc00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinUpdt.exe", cAlternateFileName="")) returned 1 [0171.481] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ce2bac0, ftCreationTime.dwHighDateTime=0x1d5dcb7, ftLastAccessTime.dwLowDateTime=0x21341640, ftLastAccessTime.dwHighDateTime=0x1d5e6d2, ftLastWriteTime.dwLowDateTime=0x21341640, ftLastWriteTime.dwHighDateTime=0x1d5e6d2, nFileSizeHigh=0x0, nFileSizeLow=0x112a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="X1C6gqUbE5.jpg", cAlternateFileName="X1C6GQ~1.JPG")) returned 1 [0171.482] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4e79440, ftCreationTime.dwHighDateTime=0x1d5e3de, ftLastAccessTime.dwLowDateTime=0xa8db1e90, ftLastAccessTime.dwHighDateTime=0x1d5d8f4, ftLastWriteTime.dwLowDateTime=0xa8db1e90, ftLastWriteTime.dwHighDateTime=0x1d5d8f4, nFileSizeHigh=0x0, nFileSizeLow=0x8267, dwReserved0=0x0, dwReserved1=0x0, cFileName="XZ29SJ.docx", cAlternateFileName="XZ29SJ~1.DOC")) returned 1 [0171.482] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.482] FindClose (in: hFindFile=0x8dfd5f0 | out: hFindFile=0x8dfd5f0) returned 1 [0171.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9c8) returned 1 [0171.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9d4) returned 1 [0171.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea08) returned 1 [0171.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0171.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", nBufferLength=0x105, lpBuffer=0x3fe4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\", lpFilePart=0x0) returned 0x26 [0171.482] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x3fe730 | out: lpFindFileData=0x3fe730*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8dfd5f0 [0171.482] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbf388d00, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xbf388d00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.483] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc17de020, ftCreationTime.dwHighDateTime=0x1d5dc89, ftLastAccessTime.dwLowDateTime=0xb0a8640, ftLastAccessTime.dwHighDateTime=0x1d5da22, ftLastWriteTime.dwLowDateTime=0xb0a8640, ftLastWriteTime.dwHighDateTime=0x1d5da22, nFileSizeHigh=0x0, nFileSizeLow=0x2b0f, dwReserved0=0x0, dwReserved1=0x0, cFileName="11 amZT.bmp", cAlternateFileName="11AMZT~1.BMP")) returned 1 [0171.483] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x688a9850, ftCreationTime.dwHighDateTime=0x1d5e4b3, ftLastAccessTime.dwLowDateTime=0xd111a370, ftLastAccessTime.dwHighDateTime=0x1d5d813, ftLastWriteTime.dwLowDateTime=0xd111a370, ftLastWriteTime.dwHighDateTime=0x1d5d813, nFileSizeHigh=0x0, nFileSizeLow=0x14483, dwReserved0=0x0, dwReserved1=0x0, cFileName="171LAwMf.wav", cAlternateFileName="")) returned 1 [0171.483] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d5ad110, ftCreationTime.dwHighDateTime=0x1d5e827, ftLastAccessTime.dwLowDateTime=0x8f5a1660, ftLastAccessTime.dwHighDateTime=0x1d5d94e, ftLastWriteTime.dwLowDateTime=0x8f5a1660, ftLastWriteTime.dwHighDateTime=0x1d5d94e, nFileSizeHigh=0x0, nFileSizeLow=0x12072, dwReserved0=0x0, dwReserved1=0x0, cFileName="2UApL72d4Lx_9lsytRC.m4a", cAlternateFileName="2UAPL7~1.M4A")) returned 1 [0171.483] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf33b9500, ftCreationTime.dwHighDateTime=0x1d5e088, ftLastAccessTime.dwLowDateTime=0xe964c1e0, ftLastAccessTime.dwHighDateTime=0x1d5e19c, ftLastWriteTime.dwLowDateTime=0xe964c1e0, ftLastWriteTime.dwHighDateTime=0x1d5e19c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6PXVy", cAlternateFileName="")) returned 1 [0171.483] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82368a20, ftCreationTime.dwHighDateTime=0x1d5de50, ftLastAccessTime.dwLowDateTime=0xa5ed6450, ftLastAccessTime.dwHighDateTime=0x1d5e825, ftLastWriteTime.dwLowDateTime=0xa5ed6450, ftLastWriteTime.dwHighDateTime=0x1d5e825, nFileSizeHigh=0x0, nFileSizeLow=0xf911, dwReserved0=0x0, dwReserved1=0x0, cFileName="9z BNXadSRyumUU0baz.pdf", cAlternateFileName="9ZBNXA~1.PDF")) returned 1 [0171.483] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc5b2070, ftCreationTime.dwHighDateTime=0x1d5e223, ftLastAccessTime.dwLowDateTime=0xe79625e0, ftLastAccessTime.dwHighDateTime=0x1d5db19, ftLastWriteTime.dwLowDateTime=0xe79625e0, ftLastWriteTime.dwHighDateTime=0x1d5db19, nFileSizeHigh=0x0, nFileSizeLow=0x8507, dwReserved0=0x0, dwReserved1=0x0, cFileName="aBrZzs5ng_1R8u.gif", cAlternateFileName="ABRZZS~1.GIF")) returned 1 [0171.484] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0814250, ftCreationTime.dwHighDateTime=0x1d5e1ba, ftLastAccessTime.dwLowDateTime=0xbd1d3bc0, ftLastAccessTime.dwHighDateTime=0x1d5da31, ftLastWriteTime.dwLowDateTime=0xbd1d3bc0, ftLastWriteTime.dwHighDateTime=0x1d5da31, nFileSizeHigh=0x0, nFileSizeLow=0xbc10, dwReserved0=0x0, dwReserved1=0x0, cFileName="b0HlHon-oT.wav", cAlternateFileName="B0HLHO~1.WAV")) returned 1 [0171.484] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e00a650, ftCreationTime.dwHighDateTime=0x1d5da4b, ftLastAccessTime.dwLowDateTime=0xdd5cbef0, ftLastAccessTime.dwHighDateTime=0x1d5e194, ftLastWriteTime.dwLowDateTime=0xdd5cbef0, ftLastWriteTime.dwHighDateTime=0x1d5e194, nFileSizeHigh=0x0, nFileSizeLow=0x4228, dwReserved0=0x0, dwReserved1=0x0, cFileName="BHVSR2nrHR.swf", cAlternateFileName="BHVSR2~1.SWF")) returned 1 [0171.484] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0171.484] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96432260, ftCreationTime.dwHighDateTime=0x1d5da3d, ftLastAccessTime.dwLowDateTime=0x85ad7c00, ftLastAccessTime.dwHighDateTime=0x1d5e6a1, ftLastWriteTime.dwLowDateTime=0x85ad7c00, ftLastWriteTime.dwHighDateTime=0x1d5e6a1, nFileSizeHigh=0x0, nFileSizeLow=0xc975, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dj_bS2T.gif", cAlternateFileName="")) returned 1 [0171.484] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa24222d0, ftCreationTime.dwHighDateTime=0x1d5df62, ftLastAccessTime.dwLowDateTime=0xe957dc30, ftLastAccessTime.dwHighDateTime=0x1d5e7d4, ftLastWriteTime.dwLowDateTime=0xe957dc30, ftLastWriteTime.dwHighDateTime=0x1d5e7d4, nFileSizeHigh=0x0, nFileSizeLow=0xa193, dwReserved0=0x0, dwReserved1=0x0, cFileName="fLh1h.mp4", cAlternateFileName="")) returned 1 [0171.484] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2ca4e20, ftCreationTime.dwHighDateTime=0x1d5d800, ftLastAccessTime.dwLowDateTime=0x69f2f080, ftLastAccessTime.dwHighDateTime=0x1d5e5e8, ftLastWriteTime.dwLowDateTime=0x69f2f080, ftLastWriteTime.dwHighDateTime=0x1d5e5e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IKufslt2XxHzBF", cAlternateFileName="IKUFSL~1")) returned 1 [0171.484] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8886530, ftCreationTime.dwHighDateTime=0x1d5e73a, ftLastAccessTime.dwLowDateTime=0x64c88250, ftLastAccessTime.dwHighDateTime=0x1d5da62, ftLastWriteTime.dwLowDateTime=0x64c88250, ftLastWriteTime.dwHighDateTime=0x1d5da62, nFileSizeHigh=0x0, nFileSizeLow=0x6ca4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jMRsqHAJXiCvPJUEHiVF.odp", cAlternateFileName="JMRSQH~1.ODP")) returned 1 [0171.485] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30547a0, ftCreationTime.dwHighDateTime=0x1d5df90, ftLastAccessTime.dwLowDateTime=0x25e0250, ftLastAccessTime.dwHighDateTime=0x1d5dda7, ftLastWriteTime.dwLowDateTime=0x25e0250, ftLastWriteTime.dwHighDateTime=0x1d5dda7, nFileSizeHigh=0x0, nFileSizeLow=0x14571, dwReserved0=0x0, dwReserved1=0x0, cFileName="JxIX KIkfig.mp3", cAlternateFileName="JXIXKI~1.MP3")) returned 1 [0171.485] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d874a0, ftCreationTime.dwHighDateTime=0x1d5dbdc, ftLastAccessTime.dwLowDateTime=0x70fcf960, ftLastAccessTime.dwHighDateTime=0x1d5df81, ftLastWriteTime.dwLowDateTime=0x70fcf960, ftLastWriteTime.dwHighDateTime=0x1d5df81, nFileSizeHigh=0x0, nFileSizeLow=0x77bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="lcnY6.odt", cAlternateFileName="")) returned 1 [0171.485] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabdaa850, ftCreationTime.dwHighDateTime=0x1d5e7ad, ftLastAccessTime.dwLowDateTime=0x77ee8120, ftLastAccessTime.dwHighDateTime=0x1d5e563, ftLastWriteTime.dwLowDateTime=0x77ee8120, ftLastWriteTime.dwHighDateTime=0x1d5e563, nFileSizeHigh=0x0, nFileSizeLow=0x13afd, dwReserved0=0x0, dwReserved1=0x0, cFileName="NndaMDJ2WTycEHtt.wav", cAlternateFileName="NNDAMD~1.WAV")) returned 1 [0171.485] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1441200, ftCreationTime.dwHighDateTime=0x1d5dc68, ftLastAccessTime.dwLowDateTime=0x5bfb61a0, ftLastAccessTime.dwHighDateTime=0x1d5e477, ftLastWriteTime.dwLowDateTime=0x5bfb61a0, ftLastWriteTime.dwHighDateTime=0x1d5e477, nFileSizeHigh=0x0, nFileSizeLow=0x674e, dwReserved0=0x0, dwReserved1=0x0, cFileName="oJ7vzKNpgMsl0uVGqMh.swf", cAlternateFileName="OJ7VZK~1.SWF")) returned 1 [0171.485] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cf875d0, ftCreationTime.dwHighDateTime=0x1d5da7e, ftLastAccessTime.dwLowDateTime=0x1c1bca50, ftLastAccessTime.dwHighDateTime=0x1d5d8f8, ftLastWriteTime.dwLowDateTime=0x1c1bca50, ftLastWriteTime.dwHighDateTime=0x1d5d8f8, nFileSizeHigh=0x0, nFileSizeLow=0x13fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="prku.wav", cAlternateFileName="")) returned 1 [0171.485] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd3de140, ftCreationTime.dwHighDateTime=0x1d5e039, ftLastAccessTime.dwLowDateTime=0x13680de0, ftLastAccessTime.dwHighDateTime=0x1d5d7b0, ftLastWriteTime.dwLowDateTime=0x13680de0, ftLastWriteTime.dwHighDateTime=0x1d5d7b0, nFileSizeHigh=0x0, nFileSizeLow=0x6fcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHDjl.ots", cAlternateFileName="")) returned 1 [0171.486] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52fa6b60, ftCreationTime.dwHighDateTime=0x1d5e5a7, ftLastAccessTime.dwLowDateTime=0xcd86d660, ftLastAccessTime.dwHighDateTime=0x1d5e445, ftLastWriteTime.dwLowDateTime=0xcd86d660, ftLastWriteTime.dwHighDateTime=0x1d5e445, nFileSizeHigh=0x0, nFileSizeLow=0x11981, dwReserved0=0x0, dwReserved1=0x0, cFileName="SLhbapLWmFHB.ots", cAlternateFileName="SLHBAP~1.OTS")) returned 1 [0171.486] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda476260, ftCreationTime.dwHighDateTime=0x1d5e004, ftLastAccessTime.dwLowDateTime=0xf88312d0, ftLastAccessTime.dwHighDateTime=0x1d5d85f, ftLastWriteTime.dwLowDateTime=0xf88312d0, ftLastWriteTime.dwHighDateTime=0x1d5d85f, nFileSizeHigh=0x0, nFileSizeLow=0x9d07, dwReserved0=0x0, dwReserved1=0x0, cFileName="TDlN83c0KGj.mp3", cAlternateFileName="TDLN83~1.MP3")) returned 1 [0171.486] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e9ecdd0, ftCreationTime.dwHighDateTime=0x1d5e404, ftLastAccessTime.dwLowDateTime=0x58010e90, ftLastAccessTime.dwHighDateTime=0x1d5e5a0, ftLastWriteTime.dwLowDateTime=0x58010e90, ftLastWriteTime.dwHighDateTime=0x1d5e5a0, nFileSizeHigh=0x0, nFileSizeLow=0x33c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="UcSOyBqED80uXtOfttsj.m4a", cAlternateFileName="UCSOYB~1.M4A")) returned 1 [0171.486] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8455a5a0, ftCreationTime.dwHighDateTime=0x1d5da97, ftLastAccessTime.dwLowDateTime=0xadd5230, ftLastAccessTime.dwHighDateTime=0x1d5da16, ftLastWriteTime.dwLowDateTime=0xadd5230, ftLastWriteTime.dwHighDateTime=0x1d5da16, nFileSizeHigh=0x0, nFileSizeLow=0x143c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ULak.mp4", cAlternateFileName="")) returned 1 [0171.486] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5a59f80, ftCreationTime.dwHighDateTime=0x1d5f0a8, ftLastAccessTime.dwLowDateTime=0xb63e3600, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xb3dbdc00, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x13a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinUpdt.exe", cAlternateFileName="")) returned 1 [0171.486] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ce2bac0, ftCreationTime.dwHighDateTime=0x1d5dcb7, ftLastAccessTime.dwLowDateTime=0x21341640, ftLastAccessTime.dwHighDateTime=0x1d5e6d2, ftLastWriteTime.dwLowDateTime=0x21341640, ftLastWriteTime.dwHighDateTime=0x1d5e6d2, nFileSizeHigh=0x0, nFileSizeLow=0x112a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="X1C6gqUbE5.jpg", cAlternateFileName="X1C6GQ~1.JPG")) returned 1 [0171.487] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4e79440, ftCreationTime.dwHighDateTime=0x1d5e3de, ftLastAccessTime.dwLowDateTime=0xa8db1e90, ftLastAccessTime.dwHighDateTime=0x1d5d8f4, ftLastWriteTime.dwLowDateTime=0xa8db1e90, ftLastWriteTime.dwHighDateTime=0x1d5d8f4, nFileSizeHigh=0x0, nFileSizeLow=0x8267, dwReserved0=0x0, dwReserved1=0x0, cFileName="XZ29SJ.docx", cAlternateFileName="XZ29SJ~1.DOC")) returned 1 [0171.487] FindNextFileW (in: hFindFile=0x8dfd5f0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4e79440, ftCreationTime.dwHighDateTime=0x1d5e3de, ftLastAccessTime.dwLowDateTime=0xa8db1e90, ftLastAccessTime.dwHighDateTime=0x1d5d8f4, ftLastWriteTime.dwLowDateTime=0xa8db1e90, ftLastWriteTime.dwHighDateTime=0x1d5d8f4, nFileSizeHigh=0x0, nFileSizeLow=0x8267, dwReserved0=0x0, dwReserved1=0x0, cFileName="XZ29SJ.docx", cAlternateFileName="XZ29SJ~1.DOC")) returned 0 [0171.487] FindClose (in: hFindFile=0x8dfd5f0 | out: hFindFile=0x8dfd5f0) returned 1 [0171.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9c8) returned 1 [0171.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9d4) returned 1 [0171.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp", lpFilePart=0x0) returned 0x31 [0171.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\11 amzt.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.487] GetFileType (hFile=0x4d0) returned 0x1 [0171.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.487] GetFileType (hFile=0x4d0) returned 0x1 [0171.487] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x2b0f [0171.488] ReadFile (in: hFile=0x4d0, lpBuffer=0x271bd40, nNumberOfBytesToRead=0x2b0f, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x271bd40*, lpNumberOfBytesRead=0x3fe9a4*=0x2b0f, lpOverlapped=0x0) returned 1 [0171.488] CloseHandle (hObject=0x4d0) returned 1 [0171.533] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.534] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.534] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp", lpFilePart=0x0) returned 0x31 [0171.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\11 amzt.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.537] GetFileType (hFile=0x4d0) returned 0x1 [0171.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.537] GetFileType (hFile=0x4d0) returned 0x1 [0171.537] WriteFile (in: hFile=0x4d0, lpBuffer=0x256f6b8*, nNumberOfBytesToWrite=0x2b10, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x256f6b8*, lpNumberOfBytesWritten=0x3fe994*=0x2b10, lpOverlapped=0x0) returned 1 [0171.538] CloseHandle (hObject=0x4d0) returned 1 [0171.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp", lpFilePart=0x0) returned 0x31 [0171.540] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp.encrypted", lpFilePart=0x0) returned 0x3b [0171.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\11 amzt.bmp"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc17de020, ftCreationTime.dwHighDateTime=0x1d5dc89, ftLastAccessTime.dwLowDateTime=0xb0a8640, ftLastAccessTime.dwHighDateTime=0x1d5da22, ftLastWriteTime.dwLowDateTime=0x1ac3aba0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x2b10)) returned 1 [0171.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.540] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\11 amzt.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\11 amZT.bmp.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\11 amzt.bmp.encrypted")) returned 1 [0171.542] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf", lpFilePart=0x0) returned 0x3d [0171.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9z bnxadsryumuu0baz.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.542] GetFileType (hFile=0x4d0) returned 0x1 [0171.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.542] GetFileType (hFile=0x4d0) returned 0x1 [0171.542] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xf911 [0171.543] ReadFile (in: hFile=0x4d0, lpBuffer=0x25726d4, nNumberOfBytesToRead=0xf911, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x25726d4*, lpNumberOfBytesRead=0x3fe9a4*=0xf911, lpOverlapped=0x0) returned 1 [0171.544] CloseHandle (hObject=0x4d0) returned 1 [0171.563] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.563] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf", lpFilePart=0x0) returned 0x3d [0171.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9z bnxadsryumuu0baz.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.565] GetFileType (hFile=0x4d0) returned 0x1 [0171.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.565] GetFileType (hFile=0x4d0) returned 0x1 [0171.565] WriteFile (in: hFile=0x4d0, lpBuffer=0x25edff8*, nNumberOfBytesToWrite=0xf920, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x25edff8*, lpNumberOfBytesWritten=0x3fe994*=0xf920, lpOverlapped=0x0) returned 1 [0171.567] CloseHandle (hObject=0x4d0) returned 1 [0171.578] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf", lpFilePart=0x0) returned 0x3d [0171.578] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf.encrypted", lpFilePart=0x0) returned 0x47 [0171.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9z bnxadsryumuu0baz.pdf"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82368a20, ftCreationTime.dwHighDateTime=0x1d5de50, ftLastAccessTime.dwLowDateTime=0xa5ed6450, ftLastAccessTime.dwHighDateTime=0x1d5e825, ftLastWriteTime.dwLowDateTime=0x1ac86e60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xf920)) returned 1 [0171.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.579] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9z bnxadsryumuu0baz.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9z BNXadSRyumUU0baz.pdf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9z bnxadsryumuu0baz.pdf.encrypted")) returned 1 [0171.581] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4", lpFilePart=0x0) returned 0x2f [0171.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\flh1h.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.582] GetFileType (hFile=0x4d0) returned 0x1 [0171.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.582] GetFileType (hFile=0x4d0) returned 0x1 [0171.582] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0xa193 [0171.582] ReadFile (in: hFile=0x4d0, lpBuffer=0x25fdeac, nNumberOfBytesToRead=0xa193, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x25fdeac*, lpNumberOfBytesRead=0x3fe9a4*=0xa193, lpOverlapped=0x0) returned 1 [0171.583] CloseHandle (hObject=0x4d0) returned 1 [0171.606] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.607] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4", lpFilePart=0x0) returned 0x2f [0171.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\flh1h.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.610] GetFileType (hFile=0x4d0) returned 0x1 [0171.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.610] GetFileType (hFile=0x4d0) returned 0x1 [0171.610] WriteFile (in: hFile=0x4d0, lpBuffer=0x267d47c*, nNumberOfBytesToWrite=0xa1a0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x267d47c*, lpNumberOfBytesWritten=0x3fe994*=0xa1a0, lpOverlapped=0x0) returned 1 [0171.613] CloseHandle (hObject=0x4d0) returned 1 [0171.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4", lpFilePart=0x0) returned 0x2f [0171.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4.encrypted", lpFilePart=0x0) returned 0x39 [0171.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.616] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\flh1h.mp4"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa24222d0, ftCreationTime.dwHighDateTime=0x1d5df62, ftLastAccessTime.dwLowDateTime=0xe957dc30, ftLastAccessTime.dwHighDateTime=0x1d5e7d4, ftLastWriteTime.dwLowDateTime=0x1acf9280, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xa1a0)) returned 1 [0171.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.616] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\flh1h.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fLh1h.mp4.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\flh1h.mp4.encrypted")) returned 1 [0171.618] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3", lpFilePart=0x0) returned 0x35 [0171.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jxix kikfig.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.619] GetFileType (hFile=0x4d0) returned 0x1 [0171.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.619] GetFileType (hFile=0x4d0) returned 0x1 [0171.619] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x14571 [0171.619] ReadFile (in: hFile=0x4d0, lpBuffer=0x2687adc, nNumberOfBytesToRead=0x14571, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x2687adc*, lpNumberOfBytesRead=0x3fe9a4*=0x14571, lpOverlapped=0x0) returned 1 [0171.621] CloseHandle (hObject=0x4d0) returned 1 [0171.645] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.645] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3", lpFilePart=0x0) returned 0x35 [0171.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jxix kikfig.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.648] GetFileType (hFile=0x4d0) returned 0x1 [0171.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.648] GetFileType (hFile=0x4d0) returned 0x1 [0171.648] WriteFile (in: hFile=0x4d0, lpBuffer=0x2711920*, nNumberOfBytesToWrite=0x14580, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x2711920*, lpNumberOfBytesWritten=0x3fe994*=0x14580, lpOverlapped=0x0) returned 1 [0171.651] CloseHandle (hObject=0x4d0) returned 1 [0171.653] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3", lpFilePart=0x0) returned 0x35 [0171.653] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3.encrypted", lpFilePart=0x0) returned 0x3f [0171.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jxix kikfig.mp3"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30547a0, ftCreationTime.dwHighDateTime=0x1d5df90, ftLastAccessTime.dwLowDateTime=0x25e0250, ftLastAccessTime.dwHighDateTime=0x1d5dda7, ftLastWriteTime.dwLowDateTime=0x1ad45540, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x14580)) returned 1 [0171.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.653] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jxix kikfig.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JxIX KIkfig.mp3.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jxix kikfig.mp3.encrypted")) returned 1 [0171.656] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt", lpFilePart=0x0) returned 0x2f [0171.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcny6.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.656] GetFileType (hFile=0x4d0) returned 0x1 [0171.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.656] GetFileType (hFile=0x4d0) returned 0x1 [0171.656] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x77bd [0171.659] ReadFile (in: hFile=0x4d0, lpBuffer=0x25151b0, nNumberOfBytesToRead=0x77bd, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x25151b0*, lpNumberOfBytesRead=0x3fe9a4*=0x77bd, lpOverlapped=0x0) returned 1 [0171.661] CloseHandle (hObject=0x4d0) returned 1 [0171.718] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.718] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt", lpFilePart=0x0) returned 0x2f [0171.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcny6.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.721] GetFileType (hFile=0x4d0) returned 0x1 [0171.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.721] GetFileType (hFile=0x4d0) returned 0x1 [0171.721] WriteFile (in: hFile=0x4d0, lpBuffer=0x258777c*, nNumberOfBytesToWrite=0x77c0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x258777c*, lpNumberOfBytesWritten=0x3fe994*=0x77c0, lpOverlapped=0x0) returned 1 [0171.729] CloseHandle (hObject=0x4d0) returned 1 [0171.731] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt", lpFilePart=0x0) returned 0x2f [0171.731] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt.encrypted", lpFilePart=0x0) returned 0x39 [0171.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcny6.odt"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d874a0, ftCreationTime.dwHighDateTime=0x1d5dbdc, ftLastAccessTime.dwLowDateTime=0x70fcf960, ftLastAccessTime.dwHighDateTime=0x1d5df81, ftLastWriteTime.dwLowDateTime=0x1ae03c20, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x77c0)) returned 1 [0171.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.731] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcny6.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcnY6.odt.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcny6.odt.encrypted")) returned 1 [0171.734] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3", lpFilePart=0x0) returned 0x35 [0171.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdln83c0kgj.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.734] GetFileType (hFile=0x4d0) returned 0x1 [0171.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.734] GetFileType (hFile=0x4d0) returned 0x1 [0171.734] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x9d07 [0171.734] ReadFile (in: hFile=0x4d0, lpBuffer=0x258f45c, nNumberOfBytesToRead=0x9d07, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x258f45c*, lpNumberOfBytesRead=0x3fe9a4*=0x9d07, lpOverlapped=0x0) returned 1 [0171.737] CloseHandle (hObject=0x4d0) returned 1 [0171.758] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.758] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.758] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3", lpFilePart=0x0) returned 0x35 [0171.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdln83c0kgj.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.761] GetFileType (hFile=0x4d0) returned 0x1 [0171.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.761] GetFileType (hFile=0x4d0) returned 0x1 [0171.761] WriteFile (in: hFile=0x4d0, lpBuffer=0x260d35c*, nNumberOfBytesToWrite=0x9d10, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x260d35c*, lpNumberOfBytesWritten=0x3fe994*=0x9d10, lpOverlapped=0x0) returned 1 [0171.763] CloseHandle (hObject=0x4d0) returned 1 [0171.765] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3", lpFilePart=0x0) returned 0x35 [0171.765] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3.encrypted", lpFilePart=0x0) returned 0x3f [0171.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdln83c0kgj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda476260, ftCreationTime.dwHighDateTime=0x1d5e004, ftLastAccessTime.dwLowDateTime=0xf88312d0, ftLastAccessTime.dwHighDateTime=0x1d5d85f, ftLastWriteTime.dwLowDateTime=0x1ae4fee0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x9d10)) returned 1 [0171.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.766] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdln83c0kgj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\TDlN83c0KGj.mp3.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tdln83c0kgj.mp3.encrypted")) returned 1 [0171.768] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4", lpFilePart=0x0) returned 0x2e [0171.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ulak.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.768] GetFileType (hFile=0x4d0) returned 0x1 [0171.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.768] GetFileType (hFile=0x4d0) returned 0x1 [0171.768] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x143c3 [0171.769] ReadFile (in: hFile=0x4d0, lpBuffer=0x2617550, nNumberOfBytesToRead=0x143c3, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x2617550*, lpNumberOfBytesRead=0x3fe9a4*=0x143c3, lpOverlapped=0x0) returned 1 [0171.770] CloseHandle (hObject=0x4d0) returned 1 [0171.795] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.795] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.795] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4", lpFilePart=0x0) returned 0x2e [0171.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ulak.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.798] GetFileType (hFile=0x4d0) returned 0x1 [0171.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.798] GetFileType (hFile=0x4d0) returned 0x1 [0171.798] WriteFile (in: hFile=0x4d0, lpBuffer=0x26a0e84*, nNumberOfBytesToWrite=0x143d0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x26a0e84*, lpNumberOfBytesWritten=0x3fe994*=0x143d0, lpOverlapped=0x0) returned 1 [0171.800] CloseHandle (hObject=0x4d0) returned 1 [0171.802] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4", lpFilePart=0x0) returned 0x2e [0171.802] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4.encrypted", lpFilePart=0x0) returned 0x38 [0171.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ulak.mp4"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8455a5a0, ftCreationTime.dwHighDateTime=0x1d5da97, ftLastAccessTime.dwLowDateTime=0xadd5230, ftLastAccessTime.dwHighDateTime=0x1d5da16, ftLastWriteTime.dwLowDateTime=0x1aec2300, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x143d0)) returned 1 [0171.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.803] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ulak.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ULak.mp4.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ulak.mp4.encrypted")) returned 1 [0171.805] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg", lpFilePart=0x0) returned 0x34 [0171.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x1c6gqube5.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.805] GetFileType (hFile=0x4d0) returned 0x1 [0171.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.805] GetFileType (hFile=0x4d0) returned 0x1 [0171.806] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x112a9 [0171.806] ReadFile (in: hFile=0x4d0, lpBuffer=0x26b5714, nNumberOfBytesToRead=0x112a9, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x26b5714*, lpNumberOfBytesRead=0x3fe9a4*=0x112a9, lpOverlapped=0x0) returned 1 [0171.807] CloseHandle (hObject=0x4d0) returned 1 [0171.837] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.837] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg", lpFilePart=0x0) returned 0x34 [0171.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x1c6gqube5.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.839] GetFileType (hFile=0x4d0) returned 0x1 [0171.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.839] GetFileType (hFile=0x4d0) returned 0x1 [0171.840] WriteFile (in: hFile=0x4d0, lpBuffer=0x2548e94*, nNumberOfBytesToWrite=0x112b0, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x2548e94*, lpNumberOfBytesWritten=0x3fe994*=0x112b0, lpOverlapped=0x0) returned 1 [0171.844] CloseHandle (hObject=0x4d0) returned 1 [0171.847] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg", lpFilePart=0x0) returned 0x34 [0171.847] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg.encrypted", lpFilePart=0x0) returned 0x3e [0171.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x1c6gqube5.jpg"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ce2bac0, ftCreationTime.dwHighDateTime=0x1d5dcb7, ftLastAccessTime.dwLowDateTime=0x21341640, ftLastAccessTime.dwHighDateTime=0x1d5e6d2, ftLastWriteTime.dwLowDateTime=0x1af34720, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x112b0)) returned 1 [0171.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.847] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x1c6gqube5.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X1C6gqUbE5.jpg.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x1c6gqube5.jpg.encrypted")) returned 1 [0171.849] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx", nBufferLength=0x105, lpBuffer=0x3fe3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx", lpFilePart=0x0) returned 0x31 [0171.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0171.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xz29sj.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.849] GetFileType (hFile=0x4d0) returned 0x1 [0171.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0171.849] GetFileType (hFile=0x4d0) returned 0x1 [0171.850] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9f8 | out: lpFileSizeHigh=0x3fe9f8*=0x0) returned 0x8267 [0171.850] ReadFile (in: hFile=0x4d0, lpBuffer=0x255a618, nNumberOfBytesToRead=0x8267, lpNumberOfBytesRead=0x3fe9a4, lpOverlapped=0x0 | out: lpBuffer=0x255a618*, lpNumberOfBytesRead=0x3fe9a4*=0x8267, lpOverlapped=0x0) returned 1 [0171.852] CloseHandle (hObject=0x4d0) returned 1 [0171.900] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe970) returned 1 [0171.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ec | out: lpFileInformation=0x3fe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe96c) returned 1 [0171.901] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx", lpFilePart=0x0) returned 0x31 [0171.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8d8) returned 1 [0171.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xz29sj.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.902] GetFileType (hFile=0x4d0) returned 0x1 [0171.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0171.902] GetFileType (hFile=0x4d0) returned 0x1 [0171.902] WriteFile (in: hFile=0x4d0, lpBuffer=0x25d0154*, nNumberOfBytesToWrite=0x8270, lpNumberOfBytesWritten=0x3fe994, lpOverlapped=0x0 | out: lpBuffer=0x25d0154*, lpNumberOfBytesWritten=0x3fe994*=0x8270, lpOverlapped=0x0) returned 1 [0171.904] CloseHandle (hObject=0x4d0) returned 1 [0171.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx", lpFilePart=0x0) returned 0x31 [0171.905] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe51c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx.encrypted", lpFilePart=0x0) returned 0x3b [0171.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe97c) returned 1 [0171.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xz29sj.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9f8 | out: lpFileInformation=0x3fe9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4e79440, ftCreationTime.dwHighDateTime=0x1d5e3de, ftLastAccessTime.dwLowDateTime=0xa8db1e90, ftLastAccessTime.dwHighDateTime=0x1d5d8f4, ftLastWriteTime.dwLowDateTime=0x1afa6b40, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x8270)) returned 1 [0171.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe978) returned 1 [0171.906] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xz29sj.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XZ29SJ.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xz29sj.docx.encrypted")) returned 1 [0171.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.907] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy", lpFilePart=0x0) returned 0x2b [0171.907] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\", lpFilePart=0x0) returned 0x2c [0171.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf33b9500, ftCreationTime.dwHighDateTime=0x1d5e088, ftLastAccessTime.dwLowDateTime=0xe964c1e0, ftLastAccessTime.dwHighDateTime=0x1d5e19c, ftLastWriteTime.dwLowDateTime=0xe964c1e0, ftLastWriteTime.dwHighDateTime=0x1d5e19c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e01eb0 [0171.910] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf33b9500, ftCreationTime.dwHighDateTime=0x1d5e088, ftLastAccessTime.dwLowDateTime=0xe964c1e0, ftLastAccessTime.dwHighDateTime=0x1d5e19c, ftLastWriteTime.dwLowDateTime=0xe964c1e0, ftLastWriteTime.dwHighDateTime=0x1d5e19c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.910] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaded4d60, ftCreationTime.dwHighDateTime=0x1d5e4c8, ftLastAccessTime.dwLowDateTime=0xfe3052d0, ftLastAccessTime.dwHighDateTime=0x1d5e2b7, ftLastWriteTime.dwLowDateTime=0xfe3052d0, ftLastWriteTime.dwHighDateTime=0x1d5e2b7, nFileSizeHigh=0x0, nFileSizeLow=0x15331, dwReserved0=0x0, dwReserved1=0x0, cFileName="h88yXqHGcm Q4cY0.mp3", cAlternateFileName="H88YXQ~1.MP3")) returned 1 [0171.910] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fa15650, ftCreationTime.dwHighDateTime=0x1d5d940, ftLastAccessTime.dwLowDateTime=0x43c662b0, ftLastAccessTime.dwHighDateTime=0x1d5e698, ftLastWriteTime.dwLowDateTime=0x43c662b0, ftLastWriteTime.dwHighDateTime=0x1d5e698, nFileSizeHigh=0x0, nFileSizeLow=0x14ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="jS2B F.mp4", cAlternateFileName="JS2BF~1.MP4")) returned 1 [0171.910] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc011ba90, ftCreationTime.dwHighDateTime=0x1d5e51c, ftLastAccessTime.dwLowDateTime=0x73514910, ftLastAccessTime.dwHighDateTime=0x1d5dca1, ftLastWriteTime.dwLowDateTime=0x73514910, ftLastWriteTime.dwHighDateTime=0x1d5dca1, nFileSizeHigh=0x0, nFileSizeLow=0x8c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="KsnOpL91xkl_2.jpg", cAlternateFileName="KSNOPL~1.JPG")) returned 1 [0171.910] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x390a3030, ftCreationTime.dwHighDateTime=0x1d5d9d8, ftLastAccessTime.dwLowDateTime=0xbd8ac520, ftLastAccessTime.dwHighDateTime=0x1d5e088, ftLastWriteTime.dwLowDateTime=0xbd8ac520, ftLastWriteTime.dwHighDateTime=0x1d5e088, nFileSizeHigh=0x0, nFileSizeLow=0xd7b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt8hV2Y62JLkc.mkv", cAlternateFileName="LT8HV2~1.MKV")) returned 1 [0171.910] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc14715c0, ftCreationTime.dwHighDateTime=0x1d5e5aa, ftLastAccessTime.dwLowDateTime=0x5d1587e0, ftLastAccessTime.dwHighDateTime=0x1d5dbea, ftLastWriteTime.dwLowDateTime=0x5d1587e0, ftLastWriteTime.dwHighDateTime=0x1d5dbea, nFileSizeHigh=0x0, nFileSizeLow=0x17040, dwReserved0=0x0, dwReserved1=0x0, cFileName="NK-vMMUjP8JeAuHf_CH.docx", cAlternateFileName="NK-VMM~1.DOC")) returned 1 [0171.910] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0171.911] FindClose (in: hFindFile=0x8e01eb0 | out: hFindFile=0x8e01eb0) returned 1 [0171.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0171.911] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy", lpFilePart=0x0) returned 0x2b [0171.912] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\", lpFilePart=0x0) returned 0x2c [0171.912] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf33b9500, ftCreationTime.dwHighDateTime=0x1d5e088, ftLastAccessTime.dwLowDateTime=0xe964c1e0, ftLastAccessTime.dwHighDateTime=0x1d5e19c, ftLastWriteTime.dwLowDateTime=0xe964c1e0, ftLastWriteTime.dwHighDateTime=0x1d5e19c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e01eb0 [0171.913] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf33b9500, ftCreationTime.dwHighDateTime=0x1d5e088, ftLastAccessTime.dwLowDateTime=0xe964c1e0, ftLastAccessTime.dwHighDateTime=0x1d5e19c, ftLastWriteTime.dwLowDateTime=0xe964c1e0, ftLastWriteTime.dwHighDateTime=0x1d5e19c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.913] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaded4d60, ftCreationTime.dwHighDateTime=0x1d5e4c8, ftLastAccessTime.dwLowDateTime=0xfe3052d0, ftLastAccessTime.dwHighDateTime=0x1d5e2b7, ftLastWriteTime.dwLowDateTime=0xfe3052d0, ftLastWriteTime.dwHighDateTime=0x1d5e2b7, nFileSizeHigh=0x0, nFileSizeLow=0x15331, dwReserved0=0x0, dwReserved1=0x0, cFileName="h88yXqHGcm Q4cY0.mp3", cAlternateFileName="H88YXQ~1.MP3")) returned 1 [0171.913] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fa15650, ftCreationTime.dwHighDateTime=0x1d5d940, ftLastAccessTime.dwLowDateTime=0x43c662b0, ftLastAccessTime.dwHighDateTime=0x1d5e698, ftLastWriteTime.dwLowDateTime=0x43c662b0, ftLastWriteTime.dwHighDateTime=0x1d5e698, nFileSizeHigh=0x0, nFileSizeLow=0x14ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="jS2B F.mp4", cAlternateFileName="JS2BF~1.MP4")) returned 1 [0171.913] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc011ba90, ftCreationTime.dwHighDateTime=0x1d5e51c, ftLastAccessTime.dwLowDateTime=0x73514910, ftLastAccessTime.dwHighDateTime=0x1d5dca1, ftLastWriteTime.dwLowDateTime=0x73514910, ftLastWriteTime.dwHighDateTime=0x1d5dca1, nFileSizeHigh=0x0, nFileSizeLow=0x8c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="KsnOpL91xkl_2.jpg", cAlternateFileName="KSNOPL~1.JPG")) returned 1 [0171.913] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x390a3030, ftCreationTime.dwHighDateTime=0x1d5d9d8, ftLastAccessTime.dwLowDateTime=0xbd8ac520, ftLastAccessTime.dwHighDateTime=0x1d5e088, ftLastWriteTime.dwLowDateTime=0xbd8ac520, ftLastWriteTime.dwHighDateTime=0x1d5e088, nFileSizeHigh=0x0, nFileSizeLow=0xd7b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt8hV2Y62JLkc.mkv", cAlternateFileName="LT8HV2~1.MKV")) returned 1 [0171.914] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc14715c0, ftCreationTime.dwHighDateTime=0x1d5e5aa, ftLastAccessTime.dwLowDateTime=0x5d1587e0, ftLastAccessTime.dwHighDateTime=0x1d5dbea, ftLastWriteTime.dwLowDateTime=0x5d1587e0, ftLastWriteTime.dwHighDateTime=0x1d5dbea, nFileSizeHigh=0x0, nFileSizeLow=0x17040, dwReserved0=0x0, dwReserved1=0x0, cFileName="NK-vMMUjP8JeAuHf_CH.docx", cAlternateFileName="NK-VMM~1.DOC")) returned 1 [0171.914] FindNextFileW (in: hFindFile=0x8e01eb0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc14715c0, ftCreationTime.dwHighDateTime=0x1d5e5aa, ftLastAccessTime.dwLowDateTime=0x5d1587e0, ftLastAccessTime.dwHighDateTime=0x1d5dbea, ftLastWriteTime.dwLowDateTime=0x5d1587e0, ftLastWriteTime.dwHighDateTime=0x1d5dbea, nFileSizeHigh=0x0, nFileSizeLow=0x17040, dwReserved0=0x0, dwReserved1=0x0, cFileName="NK-vMMUjP8JeAuHf_CH.docx", cAlternateFileName="NK-VMM~1.DOC")) returned 0 [0171.914] FindClose (in: hFindFile=0x8e01eb0 | out: hFindFile=0x8e01eb0) returned 1 [0171.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0171.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0171.915] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3", lpFilePart=0x0) returned 0x40 [0171.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0171.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\h88yxqhgcm q4cy0.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.917] GetFileType (hFile=0x4d0) returned 0x1 [0171.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0171.917] GetFileType (hFile=0x4d0) returned 0x1 [0171.917] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x15331 [0171.917] ReadFile (in: hFile=0x4d0, lpBuffer=0x42f3b20, nNumberOfBytesToRead=0x15331, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x42f3b20*, lpNumberOfBytesRead=0x3fe964*=0x15331, lpOverlapped=0x0) returned 1 [0171.920] CloseHandle (hObject=0x4d0) returned 1 [0171.940] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0171.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0171.941] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3", lpFilePart=0x0) returned 0x40 [0171.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0171.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\h88yxqhgcm q4cy0.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.942] GetFileType (hFile=0x4d0) returned 0x1 [0171.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0171.943] GetFileType (hFile=0x4d0) returned 0x1 [0171.943] WriteFile (in: hFile=0x4d0, lpBuffer=0x435db90*, nNumberOfBytesToWrite=0x15340, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x435db90*, lpNumberOfBytesWritten=0x3fe954*=0x15340, lpOverlapped=0x0) returned 1 [0171.945] CloseHandle (hObject=0x4d0) returned 1 [0171.946] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3", lpFilePart=0x0) returned 0x40 [0171.946] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3.encrypted", lpFilePart=0x0) returned 0x4a [0171.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0171.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\h88yxqhgcm q4cy0.mp3"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaded4d60, ftCreationTime.dwHighDateTime=0x1d5e4c8, ftLastAccessTime.dwLowDateTime=0xfe3052d0, ftLastAccessTime.dwHighDateTime=0x1d5e2b7, ftLastWriteTime.dwLowDateTime=0x1b018f60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x15340)) returned 1 [0171.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0171.947] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\h88yxqhgcm q4cy0.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\h88yXqHGcm Q4cY0.mp3.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\h88yxqhgcm q4cy0.mp3.encrypted")) returned 1 [0171.948] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4", lpFilePart=0x0) returned 0x36 [0171.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0171.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\js2b f.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.949] GetFileType (hFile=0x4d0) returned 0x1 [0171.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0171.949] GetFileType (hFile=0x4d0) returned 0x1 [0171.949] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x14ed [0171.949] ReadFile (in: hFile=0x4d0, lpBuffer=0x2627d6c, nNumberOfBytesToRead=0x14ed, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x2627d6c*, lpNumberOfBytesRead=0x3fe964*=0x14ed, lpOverlapped=0x0) returned 1 [0171.969] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0171.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0171.969] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4", lpFilePart=0x0) returned 0x36 [0171.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0171.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\js2b f.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.970] GetFileType (hFile=0x4d0) returned 0x1 [0171.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0171.970] GetFileType (hFile=0x4d0) returned 0x1 [0171.970] WriteFile (in: hFile=0x4d0, lpBuffer=0x267b3cc*, nNumberOfBytesToWrite=0x14f0, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x267b3cc*, lpNumberOfBytesWritten=0x3fe954*=0x14f0, lpOverlapped=0x0) returned 1 [0171.972] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4", lpFilePart=0x0) returned 0x36 [0171.972] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4.encrypted", lpFilePart=0x0) returned 0x40 [0171.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0171.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\js2b f.mp4"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fa15650, ftCreationTime.dwHighDateTime=0x1d5d940, ftLastAccessTime.dwLowDateTime=0x43c662b0, ftLastAccessTime.dwHighDateTime=0x1d5e698, ftLastWriteTime.dwLowDateTime=0x1b065220, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x14f0)) returned 1 [0171.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0171.972] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\js2b f.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\jS2B F.mp4.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\js2b f.mp4.encrypted")) returned 1 [0171.974] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg", lpFilePart=0x0) returned 0x3d [0171.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0171.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\ksnopl91xkl_2.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.975] GetFileType (hFile=0x4d0) returned 0x1 [0171.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0171.975] GetFileType (hFile=0x4d0) returned 0x1 [0171.975] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x8c12 [0171.975] ReadFile (in: hFile=0x4d0, lpBuffer=0x267cdbc, nNumberOfBytesToRead=0x8c12, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x267cdbc*, lpNumberOfBytesRead=0x3fe964*=0x8c12, lpOverlapped=0x0) returned 1 [0171.992] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0171.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0171.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0171.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0171.992] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg", lpFilePart=0x0) returned 0x3d [0171.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0171.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\ksnopl91xkl_2.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.993] GetFileType (hFile=0x4d0) returned 0x1 [0171.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0171.993] GetFileType (hFile=0x4d0) returned 0x1 [0171.993] WriteFile (in: hFile=0x4d0, lpBuffer=0x26f580c*, nNumberOfBytesToWrite=0x8c20, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x26f580c*, lpNumberOfBytesWritten=0x3fe954*=0x8c20, lpOverlapped=0x0) returned 1 [0171.995] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg", lpFilePart=0x0) returned 0x3d [0171.995] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg.encrypted", lpFilePart=0x0) returned 0x47 [0171.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0171.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\ksnopl91xkl_2.jpg"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc011ba90, ftCreationTime.dwHighDateTime=0x1d5e51c, ftLastAccessTime.dwLowDateTime=0x73514910, ftLastAccessTime.dwHighDateTime=0x1d5dca1, ftLastWriteTime.dwLowDateTime=0x1b08b380, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x8c20)) returned 1 [0171.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0171.995] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\ksnopl91xkl_2.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\KsnOpL91xkl_2.jpg.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\ksnopl91xkl_2.jpg.encrypted")) returned 1 [0171.998] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv", lpFilePart=0x0) returned 0x3d [0171.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0171.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\lt8hv2y62jlkc.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0171.998] GetFileType (hFile=0x4d0) returned 0x1 [0171.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0171.999] GetFileType (hFile=0x4d0) returned 0x1 [0171.999] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0xd7b9 [0171.999] ReadFile (in: hFile=0x4d0, lpBuffer=0x26fe968, nNumberOfBytesToRead=0xd7b9, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x26fe968*, lpNumberOfBytesRead=0x3fe964*=0xd7b9, lpOverlapped=0x0) returned 1 [0172.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0172.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0172.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv", lpFilePart=0x0) returned 0x3d [0172.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0172.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\lt8hv2y62jlkc.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.019] GetFileType (hFile=0x4d0) returned 0x1 [0172.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0172.020] GetFileType (hFile=0x4d0) returned 0x1 [0172.020] WriteFile (in: hFile=0x4d0, lpBuffer=0x2773e6c*, nNumberOfBytesToWrite=0xd7c0, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x2773e6c*, lpNumberOfBytesWritten=0x3fe954*=0xd7c0, lpOverlapped=0x0) returned 1 [0172.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv", lpFilePart=0x0) returned 0x3d [0172.021] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv.encrypted", lpFilePart=0x0) returned 0x47 [0172.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0172.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\lt8hv2y62jlkc.mkv"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x390a3030, ftCreationTime.dwHighDateTime=0x1d5d9d8, ftLastAccessTime.dwLowDateTime=0xbd8ac520, ftLastAccessTime.dwHighDateTime=0x1d5e088, ftLastWriteTime.dwLowDateTime=0x1b0d7640, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd7c0)) returned 1 [0172.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0172.022] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\lt8hv2y62jlkc.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\lt8hV2Y62JLkc.mkv.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\lt8hv2y62jlkc.mkv.encrypted")) returned 1 [0172.024] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx", nBufferLength=0x105, lpBuffer=0x3fe3bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx", lpFilePart=0x0) returned 0x44 [0172.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0172.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\nk-vmmujp8jeauhf_ch.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.025] GetFileType (hFile=0x4d0) returned 0x1 [0172.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0172.025] GetFileType (hFile=0x4d0) returned 0x1 [0172.025] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe9b8 | out: lpFileSizeHigh=0x3fe9b8*=0x0) returned 0x17040 [0172.025] ReadFile (in: hFile=0x4d0, lpBuffer=0x438de70, nNumberOfBytesToRead=0x17040, lpNumberOfBytesRead=0x3fe964, lpOverlapped=0x0 | out: lpBuffer=0x438de70*, lpNumberOfBytesRead=0x3fe964*=0x17040, lpOverlapped=0x0) returned 1 [0172.046] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe930) returned 1 [0172.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe9ac | out: lpFileInformation=0x3fe9ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe92c) returned 1 [0172.046] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx", nBufferLength=0x105, lpBuffer=0x3fe3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx", lpFilePart=0x0) returned 0x44 [0172.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe898) returned 1 [0172.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\nk-vmmujp8jeauhf_ch.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.048] GetFileType (hFile=0x4d0) returned 0x1 [0172.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe894) returned 1 [0172.048] GetFileType (hFile=0x4d0) returned 0x1 [0172.048] WriteFile (in: hFile=0x4d0, lpBuffer=0x4401030*, nNumberOfBytesToWrite=0x17050, lpNumberOfBytesWritten=0x3fe954, lpOverlapped=0x0 | out: lpBuffer=0x4401030*, lpNumberOfBytesWritten=0x3fe954*=0x17050, lpOverlapped=0x0) returned 1 [0172.050] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx", lpFilePart=0x0) returned 0x44 [0172.050] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx.encrypted", nBufferLength=0x105, lpBuffer=0x3fe4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx.encrypted", lpFilePart=0x0) returned 0x4e [0172.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe93c) returned 1 [0172.051] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\nk-vmmujp8jeauhf_ch.docx"), fInfoLevelId=0x0, lpFileInformation=0x3fe9b8 | out: lpFileInformation=0x3fe9b8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc14715c0, ftCreationTime.dwHighDateTime=0x1d5e5aa, ftLastAccessTime.dwLowDateTime=0x5d1587e0, ftLastAccessTime.dwHighDateTime=0x1d5dbea, ftLastWriteTime.dwLowDateTime=0x1b123900, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x17050)) returned 1 [0172.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe938) returned 1 [0172.051] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\nk-vmmujp8jeauhf_ch.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6PXVy\\NK-vMMUjP8JeAuHf_CH.docx.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6pxvy\\nk-vmmujp8jeauhf_ch.docx.encrypted")) returned 1 [0172.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.054] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF", lpFilePart=0x0) returned 0x34 [0172.054] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\", lpFilePart=0x0) returned 0x35 [0172.054] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2ca4e20, ftCreationTime.dwHighDateTime=0x1d5d800, ftLastAccessTime.dwLowDateTime=0x69f2f080, ftLastAccessTime.dwHighDateTime=0x1d5e5e8, ftLastWriteTime.dwLowDateTime=0x69f2f080, ftLastWriteTime.dwHighDateTime=0x1d5e5e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02130 [0172.056] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2ca4e20, ftCreationTime.dwHighDateTime=0x1d5d800, ftLastAccessTime.dwLowDateTime=0x69f2f080, ftLastAccessTime.dwHighDateTime=0x1d5e5e8, ftLastWriteTime.dwLowDateTime=0x69f2f080, ftLastWriteTime.dwHighDateTime=0x1d5e5e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.056] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e0626c0, ftCreationTime.dwHighDateTime=0x1d5e68f, ftLastAccessTime.dwLowDateTime=0x941654d0, ftLastAccessTime.dwHighDateTime=0x1d5db91, ftLastWriteTime.dwLowDateTime=0x941654d0, ftLastWriteTime.dwHighDateTime=0x1d5db91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1RRgi1e Skyto32FY", cAlternateFileName="1RRGI1~1")) returned 1 [0172.056] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf72b9490, ftCreationTime.dwHighDateTime=0x1d5dcfe, ftLastAccessTime.dwLowDateTime=0x3710ecc0, ftLastAccessTime.dwHighDateTime=0x1d5db8f, ftLastWriteTime.dwLowDateTime=0x3710ecc0, ftLastWriteTime.dwHighDateTime=0x1d5db8f, nFileSizeHigh=0x0, nFileSizeLow=0x16633, dwReserved0=0x0, dwReserved1=0x0, cFileName="eumY_2hh31b8.swf", cAlternateFileName="EUMY_2~1.SWF")) returned 1 [0172.056] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb4d4170, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0x74a47090, ftLastAccessTime.dwHighDateTime=0x1d5e763, ftLastWriteTime.dwLowDateTime=0x74a47090, ftLastWriteTime.dwHighDateTime=0x1d5e763, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmPe", cAlternateFileName="")) returned 1 [0172.056] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb4d4170, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0x74a47090, ftLastAccessTime.dwHighDateTime=0x1d5e763, ftLastWriteTime.dwLowDateTime=0x74a47090, ftLastWriteTime.dwHighDateTime=0x1d5e763, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmPe", cAlternateFileName="")) returned 0 [0172.056] FindClose (in: hFindFile=0x8e02130 | out: hFindFile=0x8e02130) returned 1 [0172.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.057] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF", lpFilePart=0x0) returned 0x34 [0172.057] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\", lpFilePart=0x0) returned 0x35 [0172.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2ca4e20, ftCreationTime.dwHighDateTime=0x1d5d800, ftLastAccessTime.dwLowDateTime=0x69f2f080, ftLastAccessTime.dwHighDateTime=0x1d5e5e8, ftLastWriteTime.dwLowDateTime=0x69f2f080, ftLastWriteTime.dwHighDateTime=0x1d5e5e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02130 [0172.058] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb2ca4e20, ftCreationTime.dwHighDateTime=0x1d5d800, ftLastAccessTime.dwLowDateTime=0x69f2f080, ftLastAccessTime.dwHighDateTime=0x1d5e5e8, ftLastWriteTime.dwLowDateTime=0x69f2f080, ftLastWriteTime.dwHighDateTime=0x1d5e5e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.058] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e0626c0, ftCreationTime.dwHighDateTime=0x1d5e68f, ftLastAccessTime.dwLowDateTime=0x941654d0, ftLastAccessTime.dwHighDateTime=0x1d5db91, ftLastWriteTime.dwLowDateTime=0x941654d0, ftLastWriteTime.dwHighDateTime=0x1d5db91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1RRgi1e Skyto32FY", cAlternateFileName="1RRGI1~1")) returned 1 [0172.059] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf72b9490, ftCreationTime.dwHighDateTime=0x1d5dcfe, ftLastAccessTime.dwLowDateTime=0x3710ecc0, ftLastAccessTime.dwHighDateTime=0x1d5db8f, ftLastWriteTime.dwLowDateTime=0x3710ecc0, ftLastWriteTime.dwHighDateTime=0x1d5db8f, nFileSizeHigh=0x0, nFileSizeLow=0x16633, dwReserved0=0x0, dwReserved1=0x0, cFileName="eumY_2hh31b8.swf", cAlternateFileName="EUMY_2~1.SWF")) returned 1 [0172.059] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb4d4170, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0x74a47090, ftLastAccessTime.dwHighDateTime=0x1d5e763, ftLastWriteTime.dwLowDateTime=0x74a47090, ftLastWriteTime.dwHighDateTime=0x1d5e763, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmPe", cAlternateFileName="")) returned 1 [0172.059] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.059] FindClose (in: hFindFile=0x8e02130 | out: hFindFile=0x8e02130) returned 1 [0172.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.060] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY", lpFilePart=0x0) returned 0x46 [0172.060] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\", lpFilePart=0x0) returned 0x47 [0172.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e0626c0, ftCreationTime.dwHighDateTime=0x1d5e68f, ftLastAccessTime.dwLowDateTime=0x941654d0, ftLastAccessTime.dwHighDateTime=0x1d5db91, ftLastWriteTime.dwLowDateTime=0x941654d0, ftLastWriteTime.dwHighDateTime=0x1d5db91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02130 [0172.062] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e0626c0, ftCreationTime.dwHighDateTime=0x1d5e68f, ftLastAccessTime.dwLowDateTime=0x941654d0, ftLastAccessTime.dwHighDateTime=0x1d5db91, ftLastWriteTime.dwLowDateTime=0x941654d0, ftLastWriteTime.dwHighDateTime=0x1d5db91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.063] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1149bf60, ftCreationTime.dwHighDateTime=0x1d5e140, ftLastAccessTime.dwLowDateTime=0x442dbf20, ftLastAccessTime.dwHighDateTime=0x1d5dd18, ftLastWriteTime.dwLowDateTime=0x442dbf20, ftLastWriteTime.dwHighDateTime=0x1d5dd18, nFileSizeHigh=0x0, nFileSizeLow=0x167d, dwReserved0=0x0, dwReserved1=0x0, cFileName="16_sZjiTA.avi", cAlternateFileName="16_SZJ~1.AVI")) returned 1 [0172.063] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87b9be10, ftCreationTime.dwHighDateTime=0x1d5e5a1, ftLastAccessTime.dwLowDateTime=0x392b7020, ftLastAccessTime.dwHighDateTime=0x1d5e265, ftLastWriteTime.dwLowDateTime=0x392b7020, ftLastWriteTime.dwHighDateTime=0x1d5e265, nFileSizeHigh=0x0, nFileSizeLow=0x959b, dwReserved0=0x0, dwReserved1=0x0, cFileName="VKyXUQUPpFM.bmp", cAlternateFileName="VKYXUQ~1.BMP")) returned 1 [0172.063] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.063] FindClose (in: hFindFile=0x8e02130 | out: hFindFile=0x8e02130) returned 1 [0172.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.063] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY", lpFilePart=0x0) returned 0x46 [0172.063] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\", lpFilePart=0x0) returned 0x47 [0172.063] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e0626c0, ftCreationTime.dwHighDateTime=0x1d5e68f, ftLastAccessTime.dwLowDateTime=0x941654d0, ftLastAccessTime.dwHighDateTime=0x1d5db91, ftLastWriteTime.dwLowDateTime=0x941654d0, ftLastWriteTime.dwHighDateTime=0x1d5db91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02130 [0172.063] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e0626c0, ftCreationTime.dwHighDateTime=0x1d5e68f, ftLastAccessTime.dwLowDateTime=0x941654d0, ftLastAccessTime.dwHighDateTime=0x1d5db91, ftLastWriteTime.dwLowDateTime=0x941654d0, ftLastWriteTime.dwHighDateTime=0x1d5db91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.064] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1149bf60, ftCreationTime.dwHighDateTime=0x1d5e140, ftLastAccessTime.dwLowDateTime=0x442dbf20, ftLastAccessTime.dwHighDateTime=0x1d5dd18, ftLastWriteTime.dwLowDateTime=0x442dbf20, ftLastWriteTime.dwHighDateTime=0x1d5dd18, nFileSizeHigh=0x0, nFileSizeLow=0x167d, dwReserved0=0x0, dwReserved1=0x0, cFileName="16_sZjiTA.avi", cAlternateFileName="16_SZJ~1.AVI")) returned 1 [0172.064] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87b9be10, ftCreationTime.dwHighDateTime=0x1d5e5a1, ftLastAccessTime.dwLowDateTime=0x392b7020, ftLastAccessTime.dwHighDateTime=0x1d5e265, ftLastWriteTime.dwLowDateTime=0x392b7020, ftLastWriteTime.dwHighDateTime=0x1d5e265, nFileSizeHigh=0x0, nFileSizeLow=0x959b, dwReserved0=0x0, dwReserved1=0x0, cFileName="VKyXUQUPpFM.bmp", cAlternateFileName="VKYXUQ~1.BMP")) returned 1 [0172.064] FindNextFileW (in: hFindFile=0x8e02130, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87b9be10, ftCreationTime.dwHighDateTime=0x1d5e5a1, ftLastAccessTime.dwLowDateTime=0x392b7020, ftLastAccessTime.dwHighDateTime=0x1d5e265, ftLastWriteTime.dwLowDateTime=0x392b7020, ftLastWriteTime.dwHighDateTime=0x1d5e265, nFileSizeHigh=0x0, nFileSizeLow=0x959b, dwReserved0=0x0, dwReserved1=0x0, cFileName="VKyXUQUPpFM.bmp", cAlternateFileName="VKYXUQ~1.BMP")) returned 0 [0172.064] FindClose (in: hFindFile=0x8e02130 | out: hFindFile=0x8e02130) returned 1 [0172.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi", nBufferLength=0x105, lpBuffer=0x3fe37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi", lpFilePart=0x0) returned 0x54 [0172.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0172.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\16_szjita.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.065] GetFileType (hFile=0x4d0) returned 0x1 [0172.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0172.065] GetFileType (hFile=0x4d0) returned 0x1 [0172.065] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe978 | out: lpFileSizeHigh=0x3fe978*=0x0) returned 0x167d [0172.065] ReadFile (in: hFile=0x4d0, lpBuffer=0x27d2a24, nNumberOfBytesToRead=0x167d, lpNumberOfBytesRead=0x3fe924, lpOverlapped=0x0 | out: lpBuffer=0x27d2a24*, lpNumberOfBytesRead=0x3fe924*=0x167d, lpOverlapped=0x0) returned 1 [0172.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0172.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe96c | out: lpFileInformation=0x3fe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0172.118] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi", nBufferLength=0x105, lpBuffer=0x3fe364, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi", lpFilePart=0x0) returned 0x54 [0172.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe858) returned 1 [0172.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\16_szjita.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.119] GetFileType (hFile=0x4d0) returned 0x1 [0172.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe854) returned 1 [0172.119] GetFileType (hFile=0x4d0) returned 0x1 [0172.119] WriteFile (in: hFile=0x4d0, lpBuffer=0x255cf84*, nNumberOfBytesToWrite=0x1680, lpNumberOfBytesWritten=0x3fe914, lpOverlapped=0x0 | out: lpBuffer=0x255cf84*, lpNumberOfBytesWritten=0x3fe914*=0x1680, lpOverlapped=0x0) returned 1 [0172.120] CloseHandle (hObject=0x4d0) returned 1 [0172.121] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi", lpFilePart=0x0) returned 0x54 [0172.121] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi.encrypted", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi.encrypted", lpFilePart=0x0) returned 0x5e [0172.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8fc) returned 1 [0172.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\16_szjita.avi"), fInfoLevelId=0x0, lpFileInformation=0x3fe978 | out: lpFileInformation=0x3fe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1149bf60, ftCreationTime.dwHighDateTime=0x1d5e140, ftLastAccessTime.dwLowDateTime=0x442dbf20, ftLastAccessTime.dwHighDateTime=0x1d5dd18, ftLastWriteTime.dwLowDateTime=0x1b1bbe80, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1680)) returned 1 [0172.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8f8) returned 1 [0172.125] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\16_szjita.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\16_sZjiTA.avi.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\16_szjita.avi.encrypted")) returned 1 [0172.126] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp", nBufferLength=0x105, lpBuffer=0x3fe37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp", lpFilePart=0x0) returned 0x56 [0172.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0172.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\vkyxuquppfm.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.190] GetFileType (hFile=0x4d0) returned 0x1 [0172.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0172.190] GetFileType (hFile=0x4d0) returned 0x1 [0172.190] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe978 | out: lpFileSizeHigh=0x3fe978*=0x0) returned 0x959b [0172.190] ReadFile (in: hFile=0x4d0, lpBuffer=0x255ec28, nNumberOfBytesToRead=0x959b, lpNumberOfBytesRead=0x3fe924, lpOverlapped=0x0 | out: lpBuffer=0x255ec28*, lpNumberOfBytesRead=0x3fe924*=0x959b, lpOverlapped=0x0) returned 1 [0172.253] CloseHandle (hObject=0x4d0) returned 1 [0172.269] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0172.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe96c | out: lpFileInformation=0x3fe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0172.270] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp", nBufferLength=0x105, lpBuffer=0x3fe364, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp", lpFilePart=0x0) returned 0x56 [0172.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe858) returned 1 [0172.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\vkyxuquppfm.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.271] GetFileType (hFile=0x4d0) returned 0x1 [0172.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe854) returned 1 [0172.271] GetFileType (hFile=0x4d0) returned 0x1 [0172.271] WriteFile (in: hFile=0x4d0, lpBuffer=0x25da754*, nNumberOfBytesToWrite=0x95a0, lpNumberOfBytesWritten=0x3fe914, lpOverlapped=0x0 | out: lpBuffer=0x25da754*, lpNumberOfBytesWritten=0x3fe914*=0x95a0, lpOverlapped=0x0) returned 1 [0172.272] CloseHandle (hObject=0x4d0) returned 1 [0172.274] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp", lpFilePart=0x0) returned 0x56 [0172.274] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp.encrypted", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp.encrypted", lpFilePart=0x0) returned 0x60 [0172.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8fc) returned 1 [0172.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\vkyxuquppfm.bmp"), fInfoLevelId=0x0, lpFileInformation=0x3fe978 | out: lpFileInformation=0x3fe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87b9be10, ftCreationTime.dwHighDateTime=0x1d5e5a1, ftLastAccessTime.dwLowDateTime=0x392b7020, ftLastAccessTime.dwHighDateTime=0x1d5e265, ftLastWriteTime.dwLowDateTime=0x1b338c40, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x95a0)) returned 1 [0172.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8f8) returned 1 [0172.274] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\vkyxuquppfm.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\1RRgi1e Skyto32FY\\VKyXUQUPpFM.bmp.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\1rrgi1e skyto32fy\\vkyxuquppfm.bmp.encrypted")) returned 1 [0172.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe", lpFilePart=0x0) returned 0x39 [0172.278] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\", lpFilePart=0x0) returned 0x3a [0172.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb4d4170, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0x74a47090, ftLastAccessTime.dwHighDateTime=0x1d5e763, ftLastWriteTime.dwLowDateTime=0x74a47090, ftLastWriteTime.dwHighDateTime=0x1d5e763, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02230 [0172.280] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb4d4170, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0x74a47090, ftLastAccessTime.dwHighDateTime=0x1d5e763, ftLastWriteTime.dwLowDateTime=0x74a47090, ftLastWriteTime.dwHighDateTime=0x1d5e763, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.280] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6b1db30, ftCreationTime.dwHighDateTime=0x1d5e6c4, ftLastAccessTime.dwLowDateTime=0xe2429430, ftLastAccessTime.dwHighDateTime=0x1d5e7a2, ftLastWriteTime.dwLowDateTime=0xe2429430, ftLastWriteTime.dwHighDateTime=0x1d5e7a2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EW26Hgvn-ZA ipq", cAlternateFileName="EW26HG~1")) returned 1 [0172.281] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b6fef90, ftCreationTime.dwHighDateTime=0x1d5e3f1, ftLastAccessTime.dwLowDateTime=0x5b0d07c0, ftLastAccessTime.dwHighDateTime=0x1d5db68, ftLastWriteTime.dwLowDateTime=0x5b0d07c0, ftLastWriteTime.dwHighDateTime=0x1d5db68, nFileSizeHigh=0x0, nFileSizeLow=0x56a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="pFAqEf Z.jpg", cAlternateFileName="PFAQEF~1.JPG")) returned 1 [0172.281] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2267b40, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0x58877100, ftLastAccessTime.dwHighDateTime=0x1d5df1b, ftLastWriteTime.dwLowDateTime=0x58877100, ftLastWriteTime.dwHighDateTime=0x1d5df1b, nFileSizeHigh=0x0, nFileSizeLow=0x11aa3, dwReserved0=0x0, dwReserved1=0x0, cFileName="rP4vtfknnUHc6tVy.gif", cAlternateFileName="RP4VTF~1.GIF")) returned 1 [0172.281] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.281] FindClose (in: hFindFile=0x8e02230 | out: hFindFile=0x8e02230) returned 1 [0172.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe", lpFilePart=0x0) returned 0x39 [0172.282] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\", lpFilePart=0x0) returned 0x3a [0172.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb4d4170, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0x74a47090, ftLastAccessTime.dwHighDateTime=0x1d5e763, ftLastWriteTime.dwLowDateTime=0x74a47090, ftLastWriteTime.dwHighDateTime=0x1d5e763, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02230 [0172.283] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb4d4170, ftCreationTime.dwHighDateTime=0x1d5e469, ftLastAccessTime.dwLowDateTime=0x74a47090, ftLastAccessTime.dwHighDateTime=0x1d5e763, ftLastWriteTime.dwLowDateTime=0x74a47090, ftLastWriteTime.dwHighDateTime=0x1d5e763, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.283] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6b1db30, ftCreationTime.dwHighDateTime=0x1d5e6c4, ftLastAccessTime.dwLowDateTime=0xe2429430, ftLastAccessTime.dwHighDateTime=0x1d5e7a2, ftLastWriteTime.dwLowDateTime=0xe2429430, ftLastWriteTime.dwHighDateTime=0x1d5e7a2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EW26Hgvn-ZA ipq", cAlternateFileName="EW26HG~1")) returned 1 [0172.283] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b6fef90, ftCreationTime.dwHighDateTime=0x1d5e3f1, ftLastAccessTime.dwLowDateTime=0x5b0d07c0, ftLastAccessTime.dwHighDateTime=0x1d5db68, ftLastWriteTime.dwLowDateTime=0x5b0d07c0, ftLastWriteTime.dwHighDateTime=0x1d5db68, nFileSizeHigh=0x0, nFileSizeLow=0x56a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="pFAqEf Z.jpg", cAlternateFileName="PFAQEF~1.JPG")) returned 1 [0172.283] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2267b40, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0x58877100, ftLastAccessTime.dwHighDateTime=0x1d5df1b, ftLastWriteTime.dwLowDateTime=0x58877100, ftLastWriteTime.dwHighDateTime=0x1d5df1b, nFileSizeHigh=0x0, nFileSizeLow=0x11aa3, dwReserved0=0x0, dwReserved1=0x0, cFileName="rP4vtfknnUHc6tVy.gif", cAlternateFileName="RP4VTF~1.GIF")) returned 1 [0172.284] FindNextFileW (in: hFindFile=0x8e02230, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2267b40, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0x58877100, ftLastAccessTime.dwHighDateTime=0x1d5df1b, ftLastWriteTime.dwLowDateTime=0x58877100, ftLastWriteTime.dwHighDateTime=0x1d5df1b, nFileSizeHigh=0x0, nFileSizeLow=0x11aa3, dwReserved0=0x0, dwReserved1=0x0, cFileName="rP4vtfknnUHc6tVy.gif", cAlternateFileName="RP4VTF~1.GIF")) returned 0 [0172.284] FindClose (in: hFindFile=0x8e02230 | out: hFindFile=0x8e02230) returned 1 [0172.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.284] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg", nBufferLength=0x105, lpBuffer=0x3fe37c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg", lpFilePart=0x0) returned 0x46 [0172.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0172.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\pfaqef z.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.286] GetFileType (hFile=0x4d0) returned 0x1 [0172.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0172.286] GetFileType (hFile=0x4d0) returned 0x1 [0172.286] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe978 | out: lpFileSizeHigh=0x3fe978*=0x0) returned 0x56a6 [0172.286] ReadFile (in: hFile=0x4d0, lpBuffer=0x25e61fc, nNumberOfBytesToRead=0x56a6, lpNumberOfBytesRead=0x3fe924, lpOverlapped=0x0 | out: lpBuffer=0x25e61fc*, lpNumberOfBytesRead=0x3fe924*=0x56a6, lpOverlapped=0x0) returned 1 [0172.288] CloseHandle (hObject=0x4d0) returned 1 [0172.302] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8f0) returned 1 [0172.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe96c | out: lpFileInformation=0x3fe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ec) returned 1 [0172.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg", nBufferLength=0x105, lpBuffer=0x3fe364, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg", lpFilePart=0x0) returned 0x46 [0172.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe858) returned 1 [0172.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\pfaqef z.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.304] GetFileType (hFile=0x4d0) returned 0x1 [0172.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe854) returned 1 [0172.304] GetFileType (hFile=0x4d0) returned 0x1 [0172.304] WriteFile (in: hFile=0x4d0, lpBuffer=0x264e11c*, nNumberOfBytesToWrite=0x56b0, lpNumberOfBytesWritten=0x3fe914, lpOverlapped=0x0 | out: lpBuffer=0x264e11c*, lpNumberOfBytesWritten=0x3fe914*=0x56b0, lpOverlapped=0x0) returned 1 [0172.305] CloseHandle (hObject=0x4d0) returned 1 [0172.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg", lpFilePart=0x0) returned 0x46 [0172.306] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg.encrypted", nBufferLength=0x105, lpBuffer=0x3fe49c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg.encrypted", lpFilePart=0x0) returned 0x50 [0172.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8fc) returned 1 [0172.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\pfaqef z.jpg"), fInfoLevelId=0x0, lpFileInformation=0x3fe978 | out: lpFileInformation=0x3fe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b6fef90, ftCreationTime.dwHighDateTime=0x1d5e3f1, ftLastAccessTime.dwLowDateTime=0x5b0d07c0, ftLastAccessTime.dwHighDateTime=0x1d5db68, ftLastWriteTime.dwLowDateTime=0x1b384f00, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x56b0)) returned 1 [0172.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8f8) returned 1 [0172.306] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\pfaqef z.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\pFAqEf Z.jpg.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\pfaqef z.jpg.encrypted")) returned 1 [0172.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0172.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq", lpFilePart=0x0) returned 0x49 [0172.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\", lpFilePart=0x0) returned 0x4a [0172.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6b1db30, ftCreationTime.dwHighDateTime=0x1d5e6c4, ftLastAccessTime.dwLowDateTime=0xe2429430, ftLastAccessTime.dwHighDateTime=0x1d5e7a2, ftLastWriteTime.dwLowDateTime=0xe2429430, ftLastWriteTime.dwHighDateTime=0x1d5e7a2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e022b0 [0172.310] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6b1db30, ftCreationTime.dwHighDateTime=0x1d5e6c4, ftLastAccessTime.dwLowDateTime=0xe2429430, ftLastAccessTime.dwHighDateTime=0x1d5e7a2, ftLastWriteTime.dwLowDateTime=0xe2429430, ftLastWriteTime.dwHighDateTime=0x1d5e7a2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.310] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a654820, ftCreationTime.dwHighDateTime=0x1d5dfd2, ftLastAccessTime.dwLowDateTime=0xb7b07fc0, ftLastAccessTime.dwHighDateTime=0x1d5e428, ftLastWriteTime.dwLowDateTime=0xb7b07fc0, ftLastWriteTime.dwHighDateTime=0x1d5e428, nFileSizeHigh=0x0, nFileSizeLow=0xd234, dwReserved0=0x0, dwReserved1=0x0, cFileName="8r8sucz2oACgirdr.mp4", cAlternateFileName="8R8SUC~1.MP4")) returned 1 [0172.310] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a2000, ftCreationTime.dwHighDateTime=0x1d5e2fb, ftLastAccessTime.dwLowDateTime=0x9a5146b0, ftLastAccessTime.dwHighDateTime=0x1d5d7c3, ftLastWriteTime.dwLowDateTime=0x9a5146b0, ftLastWriteTime.dwHighDateTime=0x1d5d7c3, nFileSizeHigh=0x0, nFileSizeLow=0x2930, dwReserved0=0x0, dwReserved1=0x0, cFileName="KOU4d.rtf", cAlternateFileName="")) returned 1 [0172.310] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9fd75c0, ftCreationTime.dwHighDateTime=0x1d5e080, ftLastAccessTime.dwLowDateTime=0xb743540, ftLastAccessTime.dwHighDateTime=0x1d5e5ee, ftLastWriteTime.dwLowDateTime=0xb743540, ftLastWriteTime.dwHighDateTime=0x1d5e5ee, nFileSizeHigh=0x0, nFileSizeLow=0x163ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="llUuzRHiH.wav", cAlternateFileName="LLUUZR~1.WAV")) returned 1 [0172.311] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.311] FindClose (in: hFindFile=0x8e022b0 | out: hFindFile=0x8e022b0) returned 1 [0172.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0172.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0172.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0172.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq", lpFilePart=0x0) returned 0x49 [0172.312] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\", lpFilePart=0x0) returned 0x4a [0172.312] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6b1db30, ftCreationTime.dwHighDateTime=0x1d5e6c4, ftLastAccessTime.dwLowDateTime=0xe2429430, ftLastAccessTime.dwHighDateTime=0x1d5e7a2, ftLastWriteTime.dwLowDateTime=0xe2429430, ftLastWriteTime.dwHighDateTime=0x1d5e7a2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e022b0 [0172.313] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6b1db30, ftCreationTime.dwHighDateTime=0x1d5e6c4, ftLastAccessTime.dwLowDateTime=0xe2429430, ftLastAccessTime.dwHighDateTime=0x1d5e7a2, ftLastWriteTime.dwLowDateTime=0xe2429430, ftLastWriteTime.dwHighDateTime=0x1d5e7a2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.313] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a654820, ftCreationTime.dwHighDateTime=0x1d5dfd2, ftLastAccessTime.dwLowDateTime=0xb7b07fc0, ftLastAccessTime.dwHighDateTime=0x1d5e428, ftLastWriteTime.dwLowDateTime=0xb7b07fc0, ftLastWriteTime.dwHighDateTime=0x1d5e428, nFileSizeHigh=0x0, nFileSizeLow=0xd234, dwReserved0=0x0, dwReserved1=0x0, cFileName="8r8sucz2oACgirdr.mp4", cAlternateFileName="8R8SUC~1.MP4")) returned 1 [0172.313] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a2000, ftCreationTime.dwHighDateTime=0x1d5e2fb, ftLastAccessTime.dwLowDateTime=0x9a5146b0, ftLastAccessTime.dwHighDateTime=0x1d5d7c3, ftLastWriteTime.dwLowDateTime=0x9a5146b0, ftLastWriteTime.dwHighDateTime=0x1d5d7c3, nFileSizeHigh=0x0, nFileSizeLow=0x2930, dwReserved0=0x0, dwReserved1=0x0, cFileName="KOU4d.rtf", cAlternateFileName="")) returned 1 [0172.313] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9fd75c0, ftCreationTime.dwHighDateTime=0x1d5e080, ftLastAccessTime.dwLowDateTime=0xb743540, ftLastAccessTime.dwHighDateTime=0x1d5e5ee, ftLastWriteTime.dwLowDateTime=0xb743540, ftLastWriteTime.dwHighDateTime=0x1d5e5ee, nFileSizeHigh=0x0, nFileSizeLow=0x163ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="llUuzRHiH.wav", cAlternateFileName="LLUUZR~1.WAV")) returned 1 [0172.313] FindNextFileW (in: hFindFile=0x8e022b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9fd75c0, ftCreationTime.dwHighDateTime=0x1d5e080, ftLastAccessTime.dwLowDateTime=0xb743540, ftLastAccessTime.dwHighDateTime=0x1d5e5ee, ftLastWriteTime.dwLowDateTime=0xb743540, ftLastWriteTime.dwHighDateTime=0x1d5e5ee, nFileSizeHigh=0x0, nFileSizeLow=0x163ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="llUuzRHiH.wav", cAlternateFileName="LLUUZR~1.WAV")) returned 0 [0172.313] FindClose (in: hFindFile=0x8e022b0 | out: hFindFile=0x8e022b0) returned 1 [0172.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0172.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0172.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4", lpFilePart=0x0) returned 0x5e [0172.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0172.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\8r8sucz2oacgirdr.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.316] GetFileType (hFile=0x4d0) returned 0x1 [0172.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0172.316] GetFileType (hFile=0x4d0) returned 0x1 [0172.316] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0xd234 [0172.316] ReadFile (in: hFile=0x4d0, lpBuffer=0x26560b4, nNumberOfBytesToRead=0xd234, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x26560b4*, lpNumberOfBytesRead=0x3fe8e4*=0xd234, lpOverlapped=0x0) returned 1 [0172.318] CloseHandle (hObject=0x4d0) returned 1 [0172.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0172.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0172.335] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4", lpFilePart=0x0) returned 0x5e [0172.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0172.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\8r8sucz2oacgirdr.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.337] GetFileType (hFile=0x4d0) returned 0x1 [0172.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0172.337] GetFileType (hFile=0x4d0) returned 0x1 [0172.337] WriteFile (in: hFile=0x4d0, lpBuffer=0x26ca534*, nNumberOfBytesToWrite=0xd240, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x26ca534*, lpNumberOfBytesWritten=0x3fe8d4*=0xd240, lpOverlapped=0x0) returned 1 [0172.338] CloseHandle (hObject=0x4d0) returned 1 [0172.344] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4", lpFilePart=0x0) returned 0x5e [0172.344] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4.encrypted", lpFilePart=0x0) returned 0x68 [0172.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0172.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\8r8sucz2oacgirdr.mp4"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a654820, ftCreationTime.dwHighDateTime=0x1d5dfd2, ftLastAccessTime.dwLowDateTime=0xb7b07fc0, ftLastAccessTime.dwHighDateTime=0x1d5e428, ftLastWriteTime.dwLowDateTime=0x1b3d11c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd240)) returned 1 [0172.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0172.344] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\8r8sucz2oacgirdr.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\8r8sucz2oACgirdr.mp4.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\8r8sucz2oacgirdr.mp4.encrypted")) returned 1 [0172.345] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf", lpFilePart=0x0) returned 0x53 [0172.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0172.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\kou4d.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.347] GetFileType (hFile=0x4d0) returned 0x1 [0172.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0172.347] GetFileType (hFile=0x4d0) returned 0x1 [0172.347] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x2930 [0172.347] ReadFile (in: hFile=0x4d0, lpBuffer=0x26d7de4, nNumberOfBytesToRead=0x2930, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x26d7de4*, lpNumberOfBytesRead=0x3fe8e4*=0x2930, lpOverlapped=0x0) returned 1 [0172.349] CloseHandle (hObject=0x4d0) returned 1 [0172.370] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0172.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0172.370] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0172.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0172.370] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf", lpFilePart=0x0) returned 0x53 [0172.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0172.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\kou4d.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.371] GetFileType (hFile=0x4d0) returned 0x1 [0172.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0172.371] GetFileType (hFile=0x4d0) returned 0x1 [0172.371] WriteFile (in: hFile=0x4d0, lpBuffer=0x27319d0*, nNumberOfBytesToWrite=0x2940, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x27319d0*, lpNumberOfBytesWritten=0x3fe8d4*=0x2940, lpOverlapped=0x0) returned 1 [0172.372] CloseHandle (hObject=0x4d0) returned 1 [0172.373] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf", lpFilePart=0x0) returned 0x53 [0172.373] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf.encrypted", lpFilePart=0x0) returned 0x5d [0172.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0172.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\kou4d.rtf"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a2000, ftCreationTime.dwHighDateTime=0x1d5e2fb, ftLastAccessTime.dwLowDateTime=0x9a5146b0, ftLastAccessTime.dwHighDateTime=0x1d5d7c3, ftLastWriteTime.dwLowDateTime=0x1b41d480, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x2940)) returned 1 [0172.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0172.374] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\kou4d.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\IKufslt2XxHzBF\\vmPe\\EW26Hgvn-ZA ipq\\KOU4d.rtf.encrypted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ikufslt2xxhzbf\\vmpe\\ew26hgvn-za ipq\\kou4d.rtf.encrypted")) returned 1 [0172.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea08) returned 1 [0172.375] GetFullPathNameW (in: lpFileName="D:\\", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="D:\\", lpFilePart=0x0) returned 0x3 [0172.375] GetFullPathNameW (in: lpFileName="D:\\", nBufferLength=0x105, lpBuffer=0x3fe4e4, lpFilePart=0x0 | out: lpBuffer="D:\\", lpFilePart=0x0) returned 0x3 [0172.377] FindFirstFileW (in: lpFileName="D:\\*", lpFindFileData=0x3fe730 | out: lpFindFileData=0x3fe730*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0172.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9cc) returned 1 [0172.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea08) returned 1 [0172.417] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0172.417] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x3fe4e4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0172.417] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x3fe730 | out: lpFindFileData=0x3fe730*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x8e023b0 [0172.417] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0172.418] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0172.418] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0172.418] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0172.418] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0172.418] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf907fd40, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0172.418] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0172.419] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf9437fa0, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0172.419] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0172.419] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdeacf120, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdeacf120, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0172.419] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0172.419] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0172.420] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0172.420] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0172.420] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0172.420] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0172.420] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0172.421] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9c8) returned 1 [0172.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9d4) returned 1 [0172.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fea08) returned 1 [0172.421] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x3fe510, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0172.421] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x3fe4e4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0172.421] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x3fe730 | out: lpFindFileData=0x3fe730*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x8e023b0 [0172.421] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0172.421] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0172.422] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0172.422] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0172.422] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0172.422] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf907fd40, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0172.422] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0172.422] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xf9437fa0, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0172.423] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0172.423] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdeacf120, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdeacf120, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0172.423] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0172.423] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0172.423] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0172.423] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0172.424] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0172.424] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0172.424] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe740 | out: lpFindFileData=0x3fe740*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.424] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9c8) returned 1 [0172.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe9d4) returned 1 [0172.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.424] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0172.424] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\", lpFilePart=0x0) returned 0x10 [0172.425] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.425] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.425] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0172.425] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0172.426] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.426] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin", lpFilePart=0x0) returned 0xf [0172.426] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\", lpFilePart=0x0) returned 0x10 [0172.426] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.426] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.426] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0172.427] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.427] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.427] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpFilePart=0x0) returned 0x3e [0172.427] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpFilePart=0x0) returned 0x3f [0172.427] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.427] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.428] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0172.428] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.428] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.428] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpFilePart=0x0) returned 0x3e [0172.428] GetFullPathNameW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\", lpFilePart=0x0) returned 0x3f [0172.428] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.429] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.429] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0172.429] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0172.429] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.429] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0172.430] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0172.430] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.433] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.433] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xe8850f80, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xe8850f80, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0172.433] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe82cfca0, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0172.433] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0172.433] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0172.433] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0172.434] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0172.434] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0172.434] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0172.434] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0172.434] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0172.434] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0172.435] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0172.435] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0172.435] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0172.435] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0172.435] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0172.436] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0172.436] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0172.436] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0172.436] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0172.436] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0172.436] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0172.437] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0172.437] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0172.437] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0172.437] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0172.437] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0172.438] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0172.438] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0172.438] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0172.438] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0172.438] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.439] GetFullPathNameW (in: lpFileName="C:\\Boot", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Boot", lpFilePart=0x0) returned 0x7 [0172.439] GetFullPathNameW (in: lpFileName="C:\\Boot\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\", lpFilePart=0x0) returned 0x8 [0172.439] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.439] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.439] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xe8850f80, ftLastAccessTime.dwHighDateTime=0x1d5f0a8, ftLastWriteTime.dwLowDateTime=0xe8850f80, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0172.439] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe82cfca0, ftLastWriteTime.dwHighDateTime=0x1d5f0a8, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0172.440] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0172.440] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0172.440] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0172.440] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0172.440] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0172.440] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0172.441] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0172.441] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0172.441] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0172.441] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0172.441] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0172.441] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0172.441] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0172.442] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0172.443] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0172.443] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0172.443] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0172.443] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0172.443] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0172.443] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0172.443] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe700 | out: lpFindFileData=0x3fe700*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.443] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.444] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0172.444] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0172.444] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.445] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.445] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.445] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.445] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.446] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ", lpFilePart=0x0) returned 0xd [0172.446] GetFullPathNameW (in: lpFileName="C:\\Boot\\cs-CZ\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\cs-CZ\\", lpFilePart=0x0) returned 0xe [0172.446] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.446] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.446] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.446] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.446] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.447] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0172.447] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0172.447] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.447] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.447] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.448] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.448] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.448] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK", lpFilePart=0x0) returned 0xd [0172.448] GetFullPathNameW (in: lpFileName="C:\\Boot\\da-DK\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\da-DK\\", lpFilePart=0x0) returned 0xe [0172.448] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.448] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.448] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.449] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.449] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.449] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0172.449] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0172.449] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.450] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.450] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.450] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.450] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.451] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE", lpFilePart=0x0) returned 0xd [0172.451] GetFullPathNameW (in: lpFileName="C:\\Boot\\de-DE\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\de-DE\\", lpFilePart=0x0) returned 0xe [0172.451] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.451] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.451] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.451] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.452] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.452] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0172.452] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0172.452] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.452] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.452] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.453] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.453] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.453] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR", lpFilePart=0x0) returned 0xd [0172.453] GetFullPathNameW (in: lpFileName="C:\\Boot\\el-GR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\el-GR\\", lpFilePart=0x0) returned 0xe [0172.453] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.453] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.453] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.454] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.454] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.454] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.454] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0172.454] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0172.454] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.455] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.456] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.456] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0172.456] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.456] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.456] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US", lpFilePart=0x0) returned 0xd [0172.456] GetFullPathNameW (in: lpFileName="C:\\Boot\\en-US\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\en-US\\", lpFilePart=0x0) returned 0xe [0172.456] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.457] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.457] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.457] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0172.457] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0172.457] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.458] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0172.458] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0172.458] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.459] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.459] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.459] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.459] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.459] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES", lpFilePart=0x0) returned 0xd [0172.460] GetFullPathNameW (in: lpFileName="C:\\Boot\\es-ES\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\es-ES\\", lpFilePart=0x0) returned 0xe [0172.460] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.460] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.460] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.460] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.460] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.461] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0172.461] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0172.461] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.461] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.461] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.461] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.462] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.462] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI", lpFilePart=0x0) returned 0xd [0172.462] GetFullPathNameW (in: lpFileName="C:\\Boot\\fi-FI\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fi-FI\\", lpFilePart=0x0) returned 0xe [0172.462] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.462] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.462] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.463] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.463] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.463] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0172.463] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0172.463] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.464] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.464] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0172.464] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0172.465] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0172.465] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0172.465] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0172.465] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.465] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.465] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts", lpFilePart=0x0) returned 0xd [0172.465] GetFullPathNameW (in: lpFileName="C:\\Boot\\Fonts\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\Fonts\\", lpFilePart=0x0) returned 0xe [0172.466] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.466] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.466] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0172.466] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0172.466] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0172.466] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0172.467] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0172.467] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0172.467] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.467] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.467] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0172.467] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0172.467] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.468] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.469] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.469] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.469] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.469] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR", lpFilePart=0x0) returned 0xd [0172.469] GetFullPathNameW (in: lpFileName="C:\\Boot\\fr-FR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\fr-FR\\", lpFilePart=0x0) returned 0xe [0172.469] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.470] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.470] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.470] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.470] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.470] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0172.470] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0172.470] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.472] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.473] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.473] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.473] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.473] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU", lpFilePart=0x0) returned 0xd [0172.473] GetFullPathNameW (in: lpFileName="C:\\Boot\\hu-HU\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\hu-HU\\", lpFilePart=0x0) returned 0xe [0172.473] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.474] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.474] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.474] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.474] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.474] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0172.474] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0172.475] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.476] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.476] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.476] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.476] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.476] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT", lpFilePart=0x0) returned 0xd [0172.476] GetFullPathNameW (in: lpFileName="C:\\Boot\\it-IT\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\it-IT\\", lpFilePart=0x0) returned 0xe [0172.476] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.477] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.477] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.477] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.477] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.477] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0172.477] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0172.477] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.478] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.478] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.478] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.478] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.478] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP", lpFilePart=0x0) returned 0xd [0172.478] GetFullPathNameW (in: lpFileName="C:\\Boot\\ja-JP\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ja-JP\\", lpFilePart=0x0) returned 0xe [0172.478] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.479] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.479] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.479] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.479] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.479] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0172.479] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0172.479] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.480] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.481] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.481] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.481] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.481] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR", lpFilePart=0x0) returned 0xd [0172.481] GetFullPathNameW (in: lpFileName="C:\\Boot\\ko-KR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ko-KR\\", lpFilePart=0x0) returned 0xe [0172.481] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.481] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.482] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.482] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.482] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.482] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0172.482] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0172.482] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.482] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.483] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.483] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.483] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.483] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO", lpFilePart=0x0) returned 0xd [0172.483] GetFullPathNameW (in: lpFileName="C:\\Boot\\nb-NO\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nb-NO\\", lpFilePart=0x0) returned 0xe [0172.483] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.483] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.483] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.484] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.484] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.484] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0172.484] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0172.484] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.485] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.485] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.485] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.485] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.486] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL", lpFilePart=0x0) returned 0xd [0172.486] GetFullPathNameW (in: lpFileName="C:\\Boot\\nl-NL\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\nl-NL\\", lpFilePart=0x0) returned 0xe [0172.486] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.486] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.486] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.486] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.486] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.487] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0172.487] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0172.487] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.487] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.487] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.487] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.487] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.488] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL", lpFilePart=0x0) returned 0xd [0172.488] GetFullPathNameW (in: lpFileName="C:\\Boot\\pl-PL\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pl-PL\\", lpFilePart=0x0) returned 0xe [0172.488] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.488] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.488] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.488] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.488] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.489] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0172.489] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0172.489] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.490] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.490] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.490] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.490] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.490] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR", lpFilePart=0x0) returned 0xd [0172.490] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-BR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-BR\\", lpFilePart=0x0) returned 0xe [0172.491] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.491] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.491] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.491] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.491] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.491] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0172.491] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0172.491] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.492] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.492] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.492] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.492] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.492] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT", lpFilePart=0x0) returned 0xd [0172.492] GetFullPathNameW (in: lpFileName="C:\\Boot\\pt-PT\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\pt-PT\\", lpFilePart=0x0) returned 0xe [0172.493] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.493] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.493] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.493] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.493] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.493] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0172.493] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0172.493] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.494] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.495] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.495] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.495] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.495] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU", lpFilePart=0x0) returned 0xd [0172.495] GetFullPathNameW (in: lpFileName="C:\\Boot\\ru-RU\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\ru-RU\\", lpFilePart=0x0) returned 0xe [0172.495] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.495] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.495] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.496] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.496] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.496] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0172.496] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0172.496] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.496] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.497] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.497] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.497] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.497] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE", lpFilePart=0x0) returned 0xd [0172.497] GetFullPathNameW (in: lpFileName="C:\\Boot\\sv-SE\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\sv-SE\\", lpFilePart=0x0) returned 0xe [0172.497] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.497] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.498] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.498] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.498] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.498] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0172.498] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0172.498] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.499] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.499] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.499] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.499] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.500] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR", lpFilePart=0x0) returned 0xd [0172.500] GetFullPathNameW (in: lpFileName="C:\\Boot\\tr-TR\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\tr-TR\\", lpFilePart=0x0) returned 0xe [0172.500] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.500] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.500] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.500] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0172.500] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.501] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0172.501] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0172.501] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.501] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.501] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0172.501] FindNextFileW (in: hFindFile=0x8e023b0, lpFindFileData=0x3fe6c0 | out: lpFindFileData=0x3fe6c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0172.501] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.501] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN", lpFilePart=0x0) returned 0xd [0172.502] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-CN\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-CN\\", lpFilePart=0x0) returned 0xe [0172.502] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.502] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.503] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0172.503] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0172.503] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.504] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.504] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK", lpFilePart=0x0) returned 0xd [0172.504] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-HK\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-HK\\", lpFilePart=0x0) returned 0xe [0172.504] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.505] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.505] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0172.505] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0172.505] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.505] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.506] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW", lpFilePart=0x0) returned 0xd [0172.506] GetFullPathNameW (in: lpFileName="C:\\Boot\\zh-TW\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\Boot\\zh-TW\\", lpFilePart=0x0) returned 0xe [0172.506] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.506] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.506] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0172.506] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0172.507] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.507] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.507] GetFullPathNameW (in: lpFileName="C:\\Config.Msi", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi", lpFilePart=0x0) returned 0xd [0172.507] GetFullPathNameW (in: lpFileName="C:\\Config.Msi\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Config.Msi\\", lpFilePart=0x0) returned 0xe [0172.507] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.508] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.508] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings", lpFilePart=0x0) returned 0x19 [0172.508] GetFullPathNameW (in: lpFileName="C:\\Documents and Settings\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\Documents and Settings\\", lpFilePart=0x0) returned 0x1a [0172.508] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0172.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe98c) returned 1 [0172.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.510] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0172.510] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0172.510] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.510] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe9c8) returned 1 [0172.510] GetFullPathNameW (in: lpFileName="C:\\MSOCache", nBufferLength=0x105, lpBuffer=0x3fe4d0, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache", lpFilePart=0x0) returned 0xb [0172.510] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\", nBufferLength=0x105, lpBuffer=0x3fe4a4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\", lpFilePart=0x0) returned 0xc [0172.510] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*", lpFindFileData=0x3fe6f0 | out: lpFindFileData=0x3fe6f0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.511] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe988) returned 1 [0172.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe994) returned 1 [0172.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.511] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0172.511] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0172.511] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.547] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe988) returned 1 [0172.548] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users", nBufferLength=0x105, lpBuffer=0x3fe490, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users", lpFilePart=0x0) returned 0x15 [0172.548] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\", nBufferLength=0x105, lpBuffer=0x3fe464, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\", lpFilePart=0x0) returned 0x16 [0172.548] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*", lpFindFileData=0x3fe6b0 | out: lpFindFileData=0x3fe6b0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.582] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe948) returned 1 [0172.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe954) returned 1 [0172.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0172.582] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0172.583] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0172.583] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.584] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0172.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0172.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0172.585] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0172.585] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0172.585] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e023b0 [0172.585] FindClose (in: hFindFile=0x8e023b0 | out: hFindFile=0x8e023b0) returned 1 [0172.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0172.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0172.585] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0172.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0172.585] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4d0 [0172.586] GetFileType (hFile=0x4d0) returned 0x1 [0172.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0172.586] GetFileType (hFile=0x4d0) returned 0x1 [0172.586] GetFileSize (in: hFile=0x4d0, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x102fcbb [0172.631] ReadFile (in: hFile=0x4d0, lpBuffer=0x9441018, nNumberOfBytesToRead=0x102fcbb, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x9441018*, lpNumberOfBytesRead=0x3fe8e4*=0x102fcbb, lpOverlapped=0x0) returned 1 [0173.023] CloseHandle (hObject=0x4d0) returned 1 [0175.660] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0175.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0175.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0175.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0175.660] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0175.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0175.660] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0175.662] GetFileType (hFile=0x2d8) returned 0x1 [0175.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0175.662] GetFileType (hFile=0x2d8) returned 0x1 [0175.662] WriteFile (in: hFile=0x2d8, lpBuffer=0x108d1018*, nNumberOfBytesToWrite=0x102fcc0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x108d1018*, lpNumberOfBytesWritten=0x3fe8d4*=0x102fcc0, lpOverlapped=0x0) returned 1 [0176.024] CloseHandle (hObject=0x2d8) returned 1 [0176.335] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", lpFilePart=0x0) returned 0x4a [0176.335] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0176.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0176.335] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1d99af00, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x102fcc0)) returned 1 [0176.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0176.335] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.encrypted")) returned 1 [0176.338] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0176.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0176.338] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.338] GetFileType (hFile=0x2d8) returned 0x1 [0176.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0176.339] GetFileType (hFile=0x2d8) returned 0x1 [0176.339] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x61d [0176.339] ReadFile (in: hFile=0x2d8, lpBuffer=0x2538ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x2538ea0*, lpNumberOfBytesRead=0x3fe8e4*=0x61d, lpOverlapped=0x0) returned 1 [0176.340] CloseHandle (hObject=0x2d8) returned 1 [0176.391] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0176.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0176.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0176.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0176.391] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0176.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0176.391] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.393] GetFileType (hFile=0x2d8) returned 0x1 [0176.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0176.393] GetFileType (hFile=0x2d8) returned 0x1 [0176.394] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", lpFilePart=0x0) returned 0x4b [0176.395] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.encrypted", lpFilePart=0x0) returned 0x55 [0176.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0176.395] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1da33480, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x620)) returned 1 [0176.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0176.395] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.encrypted")) returned 1 [0176.396] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0176.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0176.396] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.398] GetFileType (hFile=0x2d8) returned 0x1 [0176.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0176.398] GetFileType (hFile=0x2d8) returned 0x1 [0176.398] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x8f8 [0176.398] ReadFile (in: hFile=0x2d8, lpBuffer=0x258d9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x258d9a8*, lpNumberOfBytesRead=0x3fe8e4*=0x8f8, lpOverlapped=0x0) returned 1 [0176.400] CloseHandle (hObject=0x2d8) returned 1 [0176.439] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0176.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0176.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0176.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0176.439] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0176.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0176.439] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.440] GetFileType (hFile=0x2d8) returned 0x1 [0176.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0176.440] GetFileType (hFile=0x2d8) returned 0x1 [0176.441] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0176.441] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0176.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0176.442] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1daa58a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x900)) returned 1 [0176.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0176.442] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0176.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0176.443] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0176.443] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0176.443] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02530 [0176.565] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.565] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0176.685] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0176.698] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0176.701] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0176.709] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0176.721] FindClose (in: hFindFile=0x8e02530 | out: hFindFile=0x8e02530) returned 1 [0176.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0176.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0176.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0176.743] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0176.758] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0176.764] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02530 [0176.774] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.778] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0176.789] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0176.798] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x0, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0176.801] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0176.801] FindNextFileW (in: hFindFile=0x8e02530, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0176.892] FindClose (in: hFindFile=0x8e02530 | out: hFindFile=0x8e02530) returned 1 [0176.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0176.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0176.906] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0176.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0176.906] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0176.907] GetFileType (hFile=0x2d8) returned 0x1 [0176.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0176.907] GetFileType (hFile=0x2d8) returned 0x1 [0176.907] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x5aa [0176.907] ReadFile (in: hFile=0x2d8, lpBuffer=0x25e26cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x25e26cc*, lpNumberOfBytesRead=0x3fe8e4*=0x5aa, lpOverlapped=0x0) returned 1 [0176.968] CloseHandle (hObject=0x2d8) returned 1 [0177.218] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0177.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0177.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0177.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0177.219] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0177.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0177.219] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0177.220] GetFileType (hFile=0x2d8) returned 0x1 [0177.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0177.221] GetFileType (hFile=0x2d8) returned 0x1 [0177.221] WriteFile (in: hFile=0x2d8, lpBuffer=0x2632368*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x2632368*, lpNumberOfBytesWritten=0x3fe8a8*=0x5b0, lpOverlapped=0x0) returned 1 [0177.222] CloseHandle (hObject=0x2d8) returned 1 [0177.223] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", lpFilePart=0x0) returned 0x50 [0177.223] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.encrypted", lpFilePart=0x0) returned 0x5a [0177.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0177.223] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1e215d60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0177.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0177.224] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.encrypted")) returned 1 [0177.225] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0177.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0177.225] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0177.292] GetFileType (hFile=0x2d8) returned 0x1 [0177.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0177.292] GetFileType (hFile=0x2d8) returned 0x1 [0177.292] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x431a290 [0177.630] ReadFile (in: hFile=0x2d8, lpBuffer=0x131e1018, nNumberOfBytesToRead=0x431a290, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x131e1018*, lpNumberOfBytesRead=0x3fe8e4*=0x431a290, lpOverlapped=0x0) returned 1 [0181.112] CloseHandle (hObject=0x2d8) returned 1 [0187.904] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0187.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0187.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0187.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0187.904] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0187.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0187.904] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0187.910] GetFileType (hFile=0x2d8) returned 0x1 [0187.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0187.910] GetFileType (hFile=0x2d8) returned 0x1 [0187.910] WriteFile (in: hFile=0x2d8, lpBuffer=0x9441018*, nNumberOfBytesToWrite=0x431a2a0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x9441018*, lpNumberOfBytesWritten=0x3fe8d4*=0x431a2a0, lpOverlapped=0x0) returned 1 [0189.768] CloseHandle (hObject=0x2d8) returned 1 [0190.071] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", lpFilePart=0x0) returned 0x48 [0190.071] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.encrypted", lpFilePart=0x0) returned 0x52 [0190.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0190.071] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x25c3a640, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x431a2a0)) returned 1 [0190.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0190.071] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.encrypted")) returned 1 [0190.072] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0190.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0190.072] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.073] GetFileType (hFile=0x2d8) returned 0x1 [0190.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0190.073] GetFileType (hFile=0x2d8) returned 0x1 [0190.073] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x75e [0190.073] ReadFile (in: hFile=0x2d8, lpBuffer=0x2538f78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x2538f78*, lpNumberOfBytesRead=0x3fe8e4*=0x75e, lpOverlapped=0x0) returned 1 [0190.074] CloseHandle (hObject=0x2d8) returned 1 [0190.462] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0190.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0190.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0190.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0190.462] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0190.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0190.463] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.464] GetFileType (hFile=0x2d8) returned 0x1 [0190.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0190.464] GetFileType (hFile=0x2d8) returned 0x1 [0190.464] WriteFile (in: hFile=0x2d8, lpBuffer=0x24e1bd4*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x24e1bd4*, lpNumberOfBytesWritten=0x3fe8a8*=0x760, lpOverlapped=0x0) returned 1 [0190.465] CloseHandle (hObject=0x2d8) returned 1 [0190.466] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0190.466] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0190.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0190.466] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x25ff28a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0190.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0190.466] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0190.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0190.468] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0190.468] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0190.468] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e026b0 [0190.522] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0190.522] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0190.522] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0190.522] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0190.522] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0190.522] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0190.522] FindClose (in: hFindFile=0x8e026b0 | out: hFindFile=0x8e026b0) returned 1 [0190.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0190.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0190.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0190.523] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0190.523] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0190.524] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e026b0 [0190.524] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0190.525] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0190.525] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0190.525] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0190.525] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0190.525] FindNextFileW (in: hFindFile=0x8e026b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0190.525] FindClose (in: hFindFile=0x8e026b0 | out: hFindFile=0x8e026b0) returned 1 [0190.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0190.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0190.526] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0190.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0190.526] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.528] GetFileType (hFile=0x2d8) returned 0x1 [0190.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0190.528] GetFileType (hFile=0x2d8) returned 0x1 [0190.528] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x5aa [0190.528] ReadFile (in: hFile=0x2d8, lpBuffer=0x24e57c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24e57c8*, lpNumberOfBytesRead=0x3fe8e4*=0x5aa, lpOverlapped=0x0) returned 1 [0190.530] CloseHandle (hObject=0x2d8) returned 1 [0190.575] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0190.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0190.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0190.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0190.575] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0190.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0190.575] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.576] GetFileType (hFile=0x2d8) returned 0x1 [0190.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0190.576] GetFileType (hFile=0x2d8) returned 0x1 [0190.576] WriteFile (in: hFile=0x2d8, lpBuffer=0x25355bc*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x25355bc*, lpNumberOfBytesWritten=0x3fe8a8*=0x5b0, lpOverlapped=0x0) returned 1 [0190.577] CloseHandle (hObject=0x2d8) returned 1 [0190.578] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", lpFilePart=0x0) returned 0x4f [0190.578] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.encrypted", lpFilePart=0x0) returned 0x59 [0190.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0190.578] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x260fd240, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0190.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0190.578] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.encrypted")) returned 1 [0190.583] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0190.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0190.583] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0190.583] GetFileType (hFile=0x2d8) returned 0x1 [0190.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0190.583] GetFileType (hFile=0x2d8) returned 0x1 [0190.583] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x97f3f4 [0190.605] ReadFile (in: hFile=0x2d8, lpBuffer=0x174fb2c8, nNumberOfBytesToRead=0x97f3f4, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x174fb2c8*, lpNumberOfBytesRead=0x3fe8e4*=0x97f3f4, lpOverlapped=0x0) returned 1 [0190.834] CloseHandle (hObject=0x2d8) returned 1 [0191.456] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0191.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0191.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0191.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0191.457] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0191.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0191.457] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0191.458] GetFileType (hFile=0x2d8) returned 0x1 [0191.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0191.458] GetFileType (hFile=0x2d8) returned 0x1 [0191.458] WriteFile (in: hFile=0x2d8, lpBuffer=0x5fff818*, nNumberOfBytesToWrite=0x97f400, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x5fff818*, lpNumberOfBytesWritten=0x3fe8d4*=0x97f400, lpOverlapped=0x0) returned 1 [0191.649] CloseHandle (hObject=0x2d8) returned 1 [0191.945] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", lpFilePart=0x0) returned 0x48 [0191.945] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.encrypted", lpFilePart=0x0) returned 0x52 [0191.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0191.945] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x26dc8880, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x97f400)) returned 1 [0191.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0191.945] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.encrypted")) returned 1 [0191.949] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0191.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0191.949] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0191.950] GetFileType (hFile=0x2d8) returned 0x1 [0191.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0191.950] GetFileType (hFile=0x2d8) returned 0x1 [0191.950] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x648 [0191.950] ReadFile (in: hFile=0x2d8, lpBuffer=0x25842cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x25842cc*, lpNumberOfBytesRead=0x3fe8e4*=0x648, lpOverlapped=0x0) returned 1 [0191.952] CloseHandle (hObject=0x2d8) returned 1 [0191.967] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0191.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0191.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0191.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0191.967] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0191.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0191.967] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0191.968] GetFileType (hFile=0x2d8) returned 0x1 [0191.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0191.968] GetFileType (hFile=0x2d8) returned 0x1 [0191.968] WriteFile (in: hFile=0x2d8, lpBuffer=0x25d4268*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x25d4268*, lpNumberOfBytesWritten=0x3fe8a8*=0x650, lpOverlapped=0x0) returned 1 [0191.969] CloseHandle (hObject=0x2d8) returned 1 [0191.971] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0191.971] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0191.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0191.971] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x26e14b40, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x650)) returned 1 [0191.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0191.971] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0191.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0191.972] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0191.972] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0191.972] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02830 [0191.975] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0191.975] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0191.975] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0191.975] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0191.975] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0191.975] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0191.975] FindClose (in: hFindFile=0x8e02830 | out: hFindFile=0x8e02830) returned 1 [0191.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0191.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0191.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0191.976] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0191.976] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0191.976] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02830 [0191.977] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0191.977] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0191.978] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0191.978] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0191.978] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0191.978] FindNextFileW (in: hFindFile=0x8e02830, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0191.978] FindClose (in: hFindFile=0x8e02830 | out: hFindFile=0x8e02830) returned 1 [0191.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0191.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0191.979] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0191.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0191.979] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0191.980] GetFileType (hFile=0x2d8) returned 0x1 [0191.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0191.980] GetFileType (hFile=0x2d8) returned 0x1 [0191.980] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0xe21fcc [0192.015] ReadFile (in: hFile=0x2d8, lpBuffer=0xe441018, nNumberOfBytesToRead=0xe21fcc, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0xe441018*, lpNumberOfBytesRead=0x3fe8e4*=0xe21fcc, lpOverlapped=0x0) returned 1 [0192.323] CloseHandle (hObject=0x2d8) returned 1 [0193.180] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0193.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0193.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0193.180] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0193.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0193.180] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0193.183] GetFileType (hFile=0x2d8) returned 0x1 [0193.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0193.183] GetFileType (hFile=0x2d8) returned 0x1 [0193.183] WriteFile (in: hFile=0x2d8, lpBuffer=0x11441018*, nNumberOfBytesToWrite=0xe21fd0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x11441018*, lpNumberOfBytesWritten=0x3fe8d4*=0xe21fd0, lpOverlapped=0x0) returned 1 [0193.501] CloseHandle (hObject=0x2d8) returned 1 [0193.829] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", lpFilePart=0x0) returned 0x4a [0193.829] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0193.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0193.829] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x27f30960, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xe21fd0)) returned 1 [0193.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0193.829] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.encrypted")) returned 1 [0193.830] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0193.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0193.830] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0193.831] GetFileType (hFile=0x2d8) returned 0x1 [0193.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0193.831] GetFileType (hFile=0x2d8) returned 0x1 [0193.831] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0xc72 [0193.831] ReadFile (in: hFile=0x2d8, lpBuffer=0x2625868, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x2625868*, lpNumberOfBytesRead=0x3fe8e4*=0xc72, lpOverlapped=0x0) returned 1 [0193.833] CloseHandle (hObject=0x2d8) returned 1 [0193.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0193.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0193.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0193.848] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0193.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0193.849] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0193.850] GetFileType (hFile=0x2d8) returned 0x1 [0193.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0193.850] GetFileType (hFile=0x2d8) returned 0x1 [0193.850] WriteFile (in: hFile=0x2d8, lpBuffer=0x2677710*, nNumberOfBytesToWrite=0xc80, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x2677710*, lpNumberOfBytesWritten=0x3fe8a8*=0xc80, lpOverlapped=0x0) returned 1 [0193.851] CloseHandle (hObject=0x2d8) returned 1 [0193.852] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", lpFilePart=0x0) returned 0x4d [0193.852] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.encrypted", lpFilePart=0x0) returned 0x57 [0193.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0193.852] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x27f56ac0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xc80)) returned 1 [0193.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0193.852] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.encrypted")) returned 1 [0193.853] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0193.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0193.853] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0193.854] GetFileType (hFile=0x2d8) returned 0x1 [0193.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0193.854] GetFileType (hFile=0x2d8) returned 0x1 [0193.854] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x106f [0193.854] ReadFile (in: hFile=0x2d8, lpBuffer=0x2678a70, nNumberOfBytesToRead=0x106f, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x2678a70*, lpNumberOfBytesRead=0x3fe8e4*=0x106f, lpOverlapped=0x0) returned 1 [0193.856] CloseHandle (hObject=0x2d8) returned 1 [0193.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0193.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0193.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0193.871] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0193.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0193.871] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0193.872] GetFileType (hFile=0x2d8) returned 0x1 [0193.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0193.872] GetFileType (hFile=0x2d8) returned 0x1 [0193.872] WriteFile (in: hFile=0x2d8, lpBuffer=0x26caa50*, nNumberOfBytesToWrite=0x1070, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x26caa50*, lpNumberOfBytesWritten=0x3fe8d4*=0x1070, lpOverlapped=0x0) returned 1 [0193.873] CloseHandle (hObject=0x2d8) returned 1 [0193.877] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0193.877] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0193.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0193.877] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x27fa2d80, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1070)) returned 1 [0193.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0193.877] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0193.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0193.878] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0193.879] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0193.879] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e029b0 [0193.880] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.880] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0193.880] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0193.880] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0193.880] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0193.880] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.880] FindClose (in: hFindFile=0x8e029b0 | out: hFindFile=0x8e029b0) returned 1 [0193.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0193.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0193.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0193.881] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0193.881] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0193.881] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e029b0 [0193.881] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.881] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0193.881] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0193.881] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0193.881] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0193.882] FindNextFileW (in: hFindFile=0x8e029b0, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x0, cFileName="WordMUI.xml", cAlternateFileName="")) returned 0 [0193.882] FindClose (in: hFindFile=0x8e029b0 | out: hFindFile=0x8e029b0) returned 1 [0193.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0193.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0193.882] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0193.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0193.882] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0193.883] GetFileType (hFile=0x2d8) returned 0x1 [0193.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0193.883] GetFileType (hFile=0x2d8) returned 0x1 [0193.883] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x978 [0193.883] ReadFile (in: hFile=0x2d8, lpBuffer=0x26ceb94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x26ceb94*, lpNumberOfBytesRead=0x3fe8e4*=0x978, lpOverlapped=0x0) returned 1 [0193.885] CloseHandle (hObject=0x2d8) returned 1 [0194.010] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0194.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0194.010] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0194.010] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0194.010] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0194.010] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0194.010] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0194.011] GetFileType (hFile=0x2d8) returned 0x1 [0194.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0194.011] GetFileType (hFile=0x2d8) returned 0x1 [0194.011] WriteFile (in: hFile=0x2d8, lpBuffer=0x251fe18*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x251fe18*, lpNumberOfBytesWritten=0x3fe8a8*=0x980, lpOverlapped=0x0) returned 1 [0194.012] CloseHandle (hObject=0x2d8) returned 1 [0194.013] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0194.013] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0194.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0194.014] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x280d3880, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x980)) returned 1 [0194.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0194.014] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0194.017] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0194.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0194.017] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0194.017] GetFileType (hFile=0x2d8) returned 0x1 [0194.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0194.017] GetFileType (hFile=0x2d8) returned 0x1 [0194.017] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x29c6dbd [0194.356] ReadFile (in: hFile=0x2d8, lpBuffer=0x1a1e1018, nNumberOfBytesToRead=0x29c6dbd, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x1a1e1018*, lpNumberOfBytesRead=0x3fe8e4*=0x29c6dbd, lpOverlapped=0x0) returned 1 [0198.232] CloseHandle (hObject=0x2d8) returned 1 [0202.597] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0202.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0202.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0202.599] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0202.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0202.599] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0202.605] GetFileType (hFile=0x2d8) returned 0x1 [0202.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0202.605] GetFileType (hFile=0x2d8) returned 0x1 [0202.605] WriteFile (in: hFile=0x2d8, lpBuffer=0x12441018*, nNumberOfBytesToWrite=0x29c6dc0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x12441018*, lpNumberOfBytesWritten=0x3fe8d4*=0x29c6dc0, lpOverlapped=0x0) returned 1 [0203.838] CloseHandle (hObject=0x2d8) returned 1 [0204.191] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", lpFilePart=0x0) returned 0x49 [0204.191] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.encrypted", lpFilePart=0x0) returned 0x53 [0204.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0204.191] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2e1614e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dc0)) returned 1 [0204.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0204.192] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.encrypted")) returned 1 [0204.196] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0204.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0204.197] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0204.197] GetFileType (hFile=0x2d8) returned 0x1 [0204.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0204.198] GetFileType (hFile=0x2d8) returned 0x1 [0204.198] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x708 [0204.198] ReadFile (in: hFile=0x2d8, lpBuffer=0x24da50c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24da50c*, lpNumberOfBytesRead=0x3fe8e4*=0x708, lpOverlapped=0x0) returned 1 [0204.200] CloseHandle (hObject=0x2d8) returned 1 [0204.254] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0204.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0204.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0204.254] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0204.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0204.254] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0204.256] GetFileType (hFile=0x2d8) returned 0x1 [0204.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0204.256] GetFileType (hFile=0x2d8) returned 0x1 [0204.256] WriteFile (in: hFile=0x2d8, lpBuffer=0x252ae34*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x252ae34*, lpNumberOfBytesWritten=0x3fe8a8*=0x710, lpOverlapped=0x0) returned 1 [0204.257] CloseHandle (hObject=0x2d8) returned 1 [0204.258] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", lpFilePart=0x0) returned 0x4a [0204.258] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.encrypted", lpFilePart=0x0) returned 0x54 [0204.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0204.258] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2e1f9a60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x710)) returned 1 [0204.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0204.258] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.encrypted")) returned 1 [0204.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0204.259] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0204.259] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0204.259] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02b30 [0204.292] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.292] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0204.292] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0204.292] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0204.292] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0204.293] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x32b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.xml", cAlternateFileName="")) returned 1 [0204.293] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0204.293] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0204.293] FindClose (in: hFindFile=0x8e02b30 | out: hFindFile=0x8e02b30) returned 1 [0204.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0204.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0204.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0204.294] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0204.294] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0204.294] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02b30 [0204.295] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.295] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0204.296] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0204.296] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0204.296] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0204.296] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x32b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proofing.xml", cAlternateFileName="")) returned 1 [0204.296] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0204.296] FindNextFileW (in: hFindFile=0x8e02b30, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0204.296] FindClose (in: hFindFile=0x8e02b30 | out: hFindFile=0x8e02b30) returned 1 [0204.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0204.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0204.297] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0204.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0204.297] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0204.298] GetFileType (hFile=0x2d8) returned 0x1 [0204.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0204.298] GetFileType (hFile=0x2d8) returned 0x1 [0204.298] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x32b [0204.298] ReadFile (in: hFile=0x2d8, lpBuffer=0x252ece0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x252ece0*, lpNumberOfBytesRead=0x3fe8e4*=0x32b, lpOverlapped=0x0) returned 1 [0204.308] CloseHandle (hObject=0x2d8) returned 1 [0204.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0204.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0204.325] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0204.326] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0204.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0204.326] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0204.327] GetFileType (hFile=0x2d8) returned 0x1 [0204.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0204.327] GetFileType (hFile=0x2d8) returned 0x1 [0204.329] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", lpFilePart=0x0) returned 0x4b [0204.329] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.encrypted", lpFilePart=0x0) returned 0x55 [0204.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0204.329] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2e2b8140, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x330)) returned 1 [0204.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0204.329] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.encrypted")) returned 1 [0204.330] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0204.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0204.331] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0204.331] GetFileType (hFile=0x2d8) returned 0x1 [0204.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0204.331] GetFileType (hFile=0x2d8) returned 0x1 [0204.331] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x16fc [0204.331] ReadFile (in: hFile=0x2d8, lpBuffer=0x257f03c, nNumberOfBytesToRead=0x16fc, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x257f03c*, lpNumberOfBytesRead=0x3fe8e4*=0x16fc, lpOverlapped=0x0) returned 1 [0204.333] CloseHandle (hObject=0x2d8) returned 1 [0204.349] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0204.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0204.349] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0204.350] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0204.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0204.350] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0204.351] GetFileType (hFile=0x2d8) returned 0x1 [0204.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0204.351] GetFileType (hFile=0x2d8) returned 0x1 [0204.351] WriteFile (in: hFile=0x2d8, lpBuffer=0x25d30e8*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x25d30e8*, lpNumberOfBytesWritten=0x3fe8d4*=0x1700, lpOverlapped=0x0) returned 1 [0204.352] CloseHandle (hObject=0x2d8) returned 1 [0204.353] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0204.353] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0204.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0204.353] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x2e2de2a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1700)) returned 1 [0204.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0204.353] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0204.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0204.354] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", lpFilePart=0x0) returned 0x47 [0204.354] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", lpFilePart=0x0) returned 0x48 [0204.355] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02c30 [0204.355] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.355] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0204.355] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0204.355] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0204.356] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0204.356] FindClose (in: hFindFile=0x8e02c30 | out: hFindFile=0x8e02c30) returned 1 [0204.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0204.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0204.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0204.356] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", lpFilePart=0x0) returned 0x47 [0204.356] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\", lpFilePart=0x0) returned 0x48 [0204.356] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02c30 [0204.356] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0204.357] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0204.357] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0204.357] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0204.358] FindNextFileW (in: hFindFile=0x8e02c30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0204.358] FindClose (in: hFindFile=0x8e02c30 | out: hFindFile=0x8e02c30) returned 1 [0204.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0204.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0204.358] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpFilePart=0x0) returned 0x51 [0204.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0204.358] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0204.360] GetFileType (hFile=0x2d8) returned 0x1 [0204.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0204.360] GetFileType (hFile=0x2d8) returned 0x1 [0204.360] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0xaf35ed [0204.385] ReadFile (in: hFile=0x2d8, lpBuffer=0x117ceb98, nNumberOfBytesToRead=0xaf35ed, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x117ceb98*, lpNumberOfBytesRead=0x3fe8a4*=0xaf35ed, lpOverlapped=0x0) returned 1 [0204.656] CloseHandle (hObject=0x2d8) returned 1 [0205.462] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0205.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0205.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0205.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0205.463] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpFilePart=0x0) returned 0x51 [0205.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0205.463] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0205.464] GetFileType (hFile=0x2d8) returned 0x1 [0205.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0205.464] GetFileType (hFile=0x2d8) returned 0x1 [0205.464] WriteFile (in: hFile=0x2d8, lpBuffer=0x17441018*, nNumberOfBytesToWrite=0xaf35f0, lpNumberOfBytesWritten=0x3fe894, lpOverlapped=0x0 | out: lpBuffer=0x17441018*, lpNumberOfBytesWritten=0x3fe894*=0xaf35f0, lpOverlapped=0x0) returned 1 [0205.750] CloseHandle (hObject=0x2d8) returned 1 [0206.098] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", lpFilePart=0x0) returned 0x51 [0206.098] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.encrypted", lpFilePart=0x0) returned 0x5b [0206.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0206.098] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x2f33b9e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xaf35f0)) returned 1 [0206.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0206.098] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.encrypted")) returned 1 [0206.099] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0206.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0206.100] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0206.100] GetFileType (hFile=0x2d8) returned 0x1 [0206.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0206.100] GetFileType (hFile=0x2d8) returned 0x1 [0206.100] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x543 [0206.100] ReadFile (in: hFile=0x2d8, lpBuffer=0x2624764, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x2624764*, lpNumberOfBytesRead=0x3fe8a4*=0x543, lpOverlapped=0x0) returned 1 [0206.111] CloseHandle (hObject=0x2d8) returned 1 [0206.164] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0206.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0206.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0206.164] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0206.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0206.165] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0206.165] GetFileType (hFile=0x2d8) returned 0x1 [0206.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0206.166] GetFileType (hFile=0x2d8) returned 0x1 [0206.166] WriteFile (in: hFile=0x2d8, lpBuffer=0x250ac60*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x3fe868, lpOverlapped=0x0 | out: lpBuffer=0x250ac60*, lpNumberOfBytesWritten=0x3fe868*=0x550, lpOverlapped=0x0) returned 1 [0206.167] CloseHandle (hObject=0x2d8) returned 1 [0206.168] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", lpFilePart=0x0) returned 0x51 [0206.168] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.encrypted", lpFilePart=0x0) returned 0x5b [0206.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0206.168] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x2f3fa0c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x550)) returned 1 [0206.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0206.168] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.encrypted")) returned 1 [0206.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0206.169] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", lpFilePart=0x0) returned 0x47 [0206.169] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", lpFilePart=0x0) returned 0x48 [0206.169] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02d30 [0206.170] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.170] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0206.170] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e5c7f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0206.170] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0206.170] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0206.170] FindClose (in: hFindFile=0x8e02d30 | out: hFindFile=0x8e02d30) returned 1 [0206.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0206.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0206.171] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0206.171] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", lpFilePart=0x0) returned 0x47 [0206.171] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\", lpFilePart=0x0) returned 0x48 [0206.171] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e02d30 [0206.171] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.171] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0206.171] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e5c7f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0206.171] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0206.172] FindNextFileW (in: hFindFile=0x8e02d30, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0206.172] FindClose (in: hFindFile=0x8e02d30 | out: hFindFile=0x8e02d30) returned 1 [0206.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0206.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0206.172] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpFilePart=0x0) returned 0x51 [0206.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0206.172] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0206.173] GetFileType (hFile=0x2d8) returned 0x1 [0206.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0206.173] GetFileType (hFile=0x2d8) returned 0x1 [0206.173] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0xd02aea [0206.207] ReadFile (in: hFile=0x2d8, lpBuffer=0x18441018, nNumberOfBytesToRead=0xd02aea, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x18441018*, lpNumberOfBytesRead=0x3fe8a4*=0xd02aea, lpOverlapped=0x0) returned 1 [0207.020] CloseHandle (hObject=0x2d8) returned 1 [0207.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0207.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0207.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0207.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0207.870] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpFilePart=0x0) returned 0x51 [0207.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0207.870] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0207.871] GetFileType (hFile=0x2d8) returned 0x1 [0207.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0207.871] GetFileType (hFile=0x2d8) returned 0x1 [0207.871] WriteFile (in: hFile=0x2d8, lpBuffer=0x241e1018*, nNumberOfBytesToWrite=0xd02af0, lpNumberOfBytesWritten=0x3fe894, lpOverlapped=0x0 | out: lpBuffer=0x241e1018*, lpNumberOfBytesWritten=0x3fe894*=0xd02af0, lpOverlapped=0x0) returned 1 [0208.216] CloseHandle (hObject=0x2d8) returned 1 [0208.535] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", lpFilePart=0x0) returned 0x51 [0208.535] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.encrypted", lpFilePart=0x0) returned 0x5b [0208.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0208.535] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30a24da0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd02af0)) returned 1 [0208.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0208.535] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.encrypted")) returned 1 [0208.537] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0208.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0208.537] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0208.538] GetFileType (hFile=0x2d8) returned 0x1 [0208.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0208.538] GetFileType (hFile=0x2d8) returned 0x1 [0208.538] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x5b1 [0208.538] ReadFile (in: hFile=0x2d8, lpBuffer=0x255bb90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x255bb90*, lpNumberOfBytesRead=0x3fe8a4*=0x5b1, lpOverlapped=0x0) returned 1 [0208.597] CloseHandle (hObject=0x2d8) returned 1 [0208.613] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0208.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0208.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0208.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0208.613] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0208.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0208.613] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0208.614] GetFileType (hFile=0x2d8) returned 0x1 [0208.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0208.614] GetFileType (hFile=0x2d8) returned 0x1 [0208.617] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", lpFilePart=0x0) returned 0x51 [0208.617] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.encrypted", lpFilePart=0x0) returned 0x5b [0208.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0208.617] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x30b095e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5c0)) returned 1 [0208.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0208.618] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.encrypted")) returned 1 [0208.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0208.619] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", lpFilePart=0x0) returned 0x47 [0208.619] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", lpFilePart=0x0) returned 0x48 [0208.619] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e05dd8 [0208.620] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.620] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0208.620] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2e3b660, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd8400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0208.620] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0208.620] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0208.620] FindClose (in: hFindFile=0x8e05dd8 | out: hFindFile=0x8e05dd8) returned 1 [0208.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0208.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0208.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0208.620] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", lpFilePart=0x0) returned 0x47 [0208.621] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\", lpFilePart=0x0) returned 0x48 [0208.621] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e05dd8 [0208.621] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0208.621] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0208.621] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2e3b660, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd8400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0208.621] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0208.621] FindNextFileW (in: hFindFile=0x8e05dd8, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0208.621] FindClose (in: hFindFile=0x8e05dd8 | out: hFindFile=0x8e05dd8) returned 1 [0208.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0208.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0208.622] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpFilePart=0x0) returned 0x51 [0208.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0208.622] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d8 [0208.622] GetFileType (hFile=0x2d8) returned 0x1 [0208.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0208.622] GetFileType (hFile=0x2d8) returned 0x1 [0208.622] GetFileSize (in: hFile=0x2d8, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x1416b54 [0208.682] ReadFile (in: hFile=0x2d8, lpBuffer=0x251e1018, nNumberOfBytesToRead=0x1416b54, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x251e1018*, lpNumberOfBytesRead=0x3fe8a4*=0x1416b54, lpOverlapped=0x0) returned 1 [0209.830] CloseHandle (hObject=0x2d8) returned 1 [0211.250] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0211.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0211.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0211.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0211.253] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpFilePart=0x0) returned 0x51 [0211.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0211.253] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0211.261] GetFileType (hFile=0x280) returned 0x1 [0211.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0211.261] GetFileType (hFile=0x280) returned 0x1 [0211.261] WriteFile (in: hFile=0x280, lpBuffer=0x2f3f1018*, nNumberOfBytesToWrite=0x1416b60, lpNumberOfBytesWritten=0x3fe894, lpOverlapped=0x0 | out: lpBuffer=0x2f3f1018*, lpNumberOfBytesWritten=0x3fe894*=0x1416b60, lpOverlapped=0x0) returned 1 [0211.803] CloseHandle (hObject=0x280) returned 1 [0212.161] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", lpFilePart=0x0) returned 0x51 [0212.161] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.encrypted", lpFilePart=0x0) returned 0x5b [0212.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0212.161] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x32c82b40, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1416b60)) returned 1 [0212.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0212.162] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.encrypted")) returned 1 [0212.165] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0212.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0212.165] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.166] GetFileType (hFile=0x280) returned 0x1 [0212.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0212.166] GetFileType (hFile=0x280) returned 0x1 [0212.166] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x5b2 [0212.166] ReadFile (in: hFile=0x280, lpBuffer=0x25fc64c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x25fc64c*, lpNumberOfBytesRead=0x3fe8a4*=0x5b2, lpOverlapped=0x0) returned 1 [0212.168] CloseHandle (hObject=0x280) returned 1 [0212.183] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0212.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0212.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0212.184] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0212.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0212.184] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.185] GetFileType (hFile=0x280) returned 0x1 [0212.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0212.185] GetFileType (hFile=0x280) returned 0x1 [0212.185] WriteFile (in: hFile=0x280, lpBuffer=0x264c330*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x3fe868, lpOverlapped=0x0 | out: lpBuffer=0x264c330*, lpNumberOfBytesWritten=0x3fe868*=0x5c0, lpOverlapped=0x0) returned 1 [0212.186] CloseHandle (hObject=0x280) returned 1 [0212.187] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", lpFilePart=0x0) returned 0x51 [0212.187] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.encrypted", lpFilePart=0x0) returned 0x5b [0212.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0212.187] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x32ca8ca0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5c0)) returned 1 [0212.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0212.187] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.encrypted")) returned 1 [0212.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0212.189] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0212.189] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0212.189] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e05ed8 [0212.192] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.192] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0212.192] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0212.193] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc301560, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2cb13b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32LR.cab", cAlternateFileName="")) returned 1 [0212.193] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0212.193] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.193] FindClose (in: hFindFile=0x8e05ed8 | out: hFindFile=0x8e05ed8) returned 1 [0212.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0212.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0212.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0212.194] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0212.194] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0212.194] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e05ed8 [0212.195] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.195] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0212.195] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0212.195] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc301560, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2cb13b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32LR.cab", cAlternateFileName="")) returned 1 [0212.195] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0212.196] FindNextFileW (in: hFindFile=0x8e05ed8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0212.196] FindClose (in: hFindFile=0x8e05ed8 | out: hFindFile=0x8e05ed8) returned 1 [0212.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0212.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0212.197] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", lpFilePart=0x0) returned 0x4e [0212.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0212.197] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.198] GetFileType (hFile=0x280) returned 0x1 [0212.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0212.198] GetFileType (hFile=0x280) returned 0x1 [0212.198] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x567 [0212.198] ReadFile (in: hFile=0x280, lpBuffer=0x264ff1c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x264ff1c*, lpNumberOfBytesRead=0x3fe8e4*=0x567, lpOverlapped=0x0) returned 1 [0212.200] CloseHandle (hObject=0x280) returned 1 [0212.214] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0212.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0212.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0212.215] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", lpFilePart=0x0) returned 0x4e [0212.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0212.215] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.216] GetFileType (hFile=0x280) returned 0x1 [0212.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0212.216] GetFileType (hFile=0x280) returned 0x1 [0212.218] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", lpFilePart=0x0) returned 0x4e [0212.218] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.encrypted", lpFilePart=0x0) returned 0x58 [0212.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0212.218] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x32cf4f60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x570)) returned 1 [0212.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0212.218] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.encrypted")) returned 1 [0212.222] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", lpFilePart=0x0) returned 0x4b [0212.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0212.222] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.223] GetFileType (hFile=0x280) returned 0x1 [0212.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0212.223] GetFileType (hFile=0x280) returned 0x1 [0212.223] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x2cb13b [0212.241] ReadFile (in: hFile=0x280, lpBuffer=0x34954d0, nNumberOfBytesToRead=0x2cb13b, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x34954d0*, lpNumberOfBytesRead=0x3fe8e4*=0x2cb13b, lpOverlapped=0x0) returned 1 [0212.289] CloseHandle (hObject=0x280) returned 1 [0212.524] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0212.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0212.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0212.525] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", lpFilePart=0x0) returned 0x4b [0212.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0212.525] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.525] GetFileType (hFile=0x280) returned 0x1 [0212.525] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0212.525] GetFileType (hFile=0x280) returned 0x1 [0212.526] WriteFile (in: hFile=0x280, lpBuffer=0x3f95fe0*, nNumberOfBytesToWrite=0x2cb140, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x3f95fe0*, lpNumberOfBytesWritten=0x3fe8d4*=0x2cb140, lpOverlapped=0x0) returned 1 [0212.588] CloseHandle (hObject=0x280) returned 1 [0212.641] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", lpFilePart=0x0) returned 0x4b [0212.641] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.encrypted", lpFilePart=0x0) returned 0x55 [0212.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0212.641] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3311f5e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x2cb140)) returned 1 [0212.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0212.641] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.encrypted")) returned 1 [0212.642] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0212.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0212.642] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.643] GetFileType (hFile=0x280) returned 0x1 [0212.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0212.643] GetFileType (hFile=0x280) returned 0x1 [0212.643] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x93a [0212.643] ReadFile (in: hFile=0x280, lpBuffer=0x24efd08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24efd08*, lpNumberOfBytesRead=0x3fe8e4*=0x93a, lpOverlapped=0x0) returned 1 [0212.645] CloseHandle (hObject=0x280) returned 1 [0212.660] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0212.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0212.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0212.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0212.660] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0212.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0212.660] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.661] GetFileType (hFile=0x280) returned 0x1 [0212.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0212.661] GetFileType (hFile=0x280) returned 0x1 [0212.662] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0212.663] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0212.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0212.663] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x33145740, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x940)) returned 1 [0212.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0212.663] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0212.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0212.664] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0212.664] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0212.664] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06058 [0212.666] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.666] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0212.666] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e58f90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2fac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.msi", cAlternateFileName="INFOPA~1.MSI")) returned 1 [0212.666] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.xml", cAlternateFileName="INFOPA~1.XML")) returned 1 [0212.666] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0212.666] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0212.667] FindClose (in: hFindFile=0x8e06058 | out: hFindFile=0x8e06058) returned 1 [0212.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0212.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0212.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0212.667] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0212.667] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0212.668] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06058 [0212.668] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0212.669] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0212.669] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e58f90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2fac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.msi", cAlternateFileName="INFOPA~1.MSI")) returned 1 [0212.669] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.xml", cAlternateFileName="INFOPA~1.XML")) returned 1 [0212.669] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0212.669] FindNextFileW (in: hFindFile=0x8e06058, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0212.669] FindClose (in: hFindFile=0x8e06058 | out: hFindFile=0x8e06058) returned 1 [0212.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0212.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0212.670] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", lpFilePart=0x0) returned 0x48 [0212.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0212.670] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0212.671] GetFileType (hFile=0x280) returned 0x1 [0212.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0212.671] GetFileType (hFile=0x280) returned 0x1 [0212.671] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x1200204 [0212.722] ReadFile (in: hFile=0x280, lpBuffer=0x313f1018, nNumberOfBytesToRead=0x1200204, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x313f1018*, lpNumberOfBytesRead=0x3fe8e4*=0x1200204, lpOverlapped=0x0) returned 1 [0213.267] CloseHandle (hObject=0x280) returned 1 [0219.815] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0219.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0219.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0219.817] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", lpFilePart=0x0) returned 0x48 [0219.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0219.818] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0219.822] GetFileType (hFile=0x280) returned 0x1 [0219.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0219.823] GetFileType (hFile=0x280) returned 0x1 [0219.823] WriteFile (in: hFile=0x280, lpBuffer=0x4d01018*, nNumberOfBytesToWrite=0x1200210, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x4d01018*, lpNumberOfBytesWritten=0x3fe8d4*=0x1200210, lpOverlapped=0x0) returned 1 [0220.285] CloseHandle (hObject=0x280) returned 1 [0220.388] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", lpFilePart=0x0) returned 0x48 [0220.388] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.encrypted", lpFilePart=0x0) returned 0x52 [0220.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0220.388] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x37ae9fe0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1200210)) returned 1 [0220.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0220.388] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.encrypted")) returned 1 [0220.391] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0220.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0220.392] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0220.392] GetFileType (hFile=0x280) returned 0x1 [0220.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0220.392] GetFileType (hFile=0x280) returned 0x1 [0220.392] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x4cf [0220.392] ReadFile (in: hFile=0x280, lpBuffer=0x24dbce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24dbce8*, lpNumberOfBytesRead=0x3fe8e4*=0x4cf, lpOverlapped=0x0) returned 1 [0220.395] CloseHandle (hObject=0x280) returned 1 [0220.484] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0220.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0220.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0220.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0220.484] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0220.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0220.484] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0220.485] GetFileType (hFile=0x280) returned 0x1 [0220.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0220.485] GetFileType (hFile=0x280) returned 0x1 [0220.485] WriteFile (in: hFile=0x280, lpBuffer=0x252b6a8*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x252b6a8*, lpNumberOfBytesWritten=0x3fe8a8*=0x4d0, lpOverlapped=0x0) returned 1 [0220.486] CloseHandle (hObject=0x280) returned 1 [0220.486] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", lpFilePart=0x0) returned 0x4e [0220.486] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.encrypted", lpFilePart=0x0) returned 0x58 [0220.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0220.486] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x37bce820, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x4d0)) returned 1 [0220.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0220.487] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.encrypted")) returned 1 [0220.488] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0220.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0220.488] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0220.489] GetFileType (hFile=0x280) returned 0x1 [0220.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0220.489] GetFileType (hFile=0x280) returned 0x1 [0220.489] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x73c [0220.489] ReadFile (in: hFile=0x280, lpBuffer=0x252d15c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x252d15c*, lpNumberOfBytesRead=0x3fe8e4*=0x73c, lpOverlapped=0x0) returned 1 [0220.552] CloseHandle (hObject=0x280) returned 1 [0220.569] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0220.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0220.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0220.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0220.570] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0220.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0220.570] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0220.571] GetFileType (hFile=0x280) returned 0x1 [0220.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0220.571] GetFileType (hFile=0x280) returned 0x1 [0220.571] WriteFile (in: hFile=0x280, lpBuffer=0x257db40*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x257db40*, lpNumberOfBytesWritten=0x3fe8a8*=0x740, lpOverlapped=0x0) returned 1 [0220.572] CloseHandle (hObject=0x280) returned 1 [0220.573] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0220.573] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0220.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0220.573] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x37cb3060, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x740)) returned 1 [0220.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0220.573] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0220.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0220.575] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0220.575] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0220.575] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e061d8 [0220.576] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.577] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0220.577] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x437179c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x30780dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioLR.cab", cAlternateFileName="")) returned 1 [0220.577] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x272b1e70, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x272b1e70, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x435c1d00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2ab000, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.msi", cAlternateFileName="")) returned 1 [0220.577] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 1 [0220.577] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.578] FindClose (in: hFindFile=0x8e061d8 | out: hFindFile=0x8e061d8) returned 1 [0220.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0220.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0220.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0220.578] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0220.578] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0220.578] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e061d8 [0220.578] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.579] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0220.579] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x437179c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x30780dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioLR.cab", cAlternateFileName="")) returned 1 [0220.579] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x272b1e70, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x272b1e70, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x435c1d00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2ab000, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.msi", cAlternateFileName="")) returned 1 [0220.579] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 1 [0220.579] FindNextFileW (in: hFindFile=0x8e061d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 0 [0220.580] FindClose (in: hFindFile=0x8e061d8 | out: hFindFile=0x8e061d8) returned 1 [0220.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0220.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0220.580] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0220.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0220.580] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0220.583] GetFileType (hFile=0x280) returned 0x1 [0220.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0220.583] GetFileType (hFile=0x280) returned 0x1 [0220.584] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x1861 [0220.584] ReadFile (in: hFile=0x280, lpBuffer=0x2581068, nNumberOfBytesToRead=0x1861, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x2581068*, lpNumberOfBytesRead=0x3fe8e4*=0x1861, lpOverlapped=0x0) returned 1 [0220.585] CloseHandle (hObject=0x280) returned 1 [0220.601] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0220.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0220.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0220.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0220.601] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0220.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0220.601] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0220.602] GetFileType (hFile=0x280) returned 0x1 [0220.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0220.602] GetFileType (hFile=0x280) returned 0x1 [0220.602] WriteFile (in: hFile=0x280, lpBuffer=0x25d5c40*, nNumberOfBytesToWrite=0x1870, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x25d5c40*, lpNumberOfBytesWritten=0x3fe8d4*=0x1870, lpOverlapped=0x0) returned 1 [0220.603] CloseHandle (hObject=0x280) returned 1 [0220.604] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0220.604] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0220.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0220.604] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x37cff320, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1870)) returned 1 [0220.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0220.604] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0220.607] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", lpFilePart=0x0) returned 0x4a [0220.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0220.607] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x280 [0220.607] GetFileType (hFile=0x280) returned 0x1 [0220.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0220.607] GetFileType (hFile=0x280) returned 0x1 [0220.607] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x30780dd [0220.729] ReadFile (in: hFile=0x280, lpBuffer=0xc441018, nNumberOfBytesToRead=0x30780dd, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0xc441018*, lpNumberOfBytesRead=0x3fe8e4*=0x30780dd, lpOverlapped=0x0) returned 1 [0222.021] CloseHandle (hObject=0x280) returned 1 [0226.205] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0226.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0226.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0226.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0226.205] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", lpFilePart=0x0) returned 0x4a [0226.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0226.206] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0226.210] GetFileType (hFile=0x44c) returned 0x1 [0226.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0226.210] GetFileType (hFile=0x44c) returned 0x1 [0226.210] WriteFile (in: hFile=0x44c, lpBuffer=0x1f441018*, nNumberOfBytesToWrite=0x30780e0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x1f441018*, lpNumberOfBytesWritten=0x3fe8d4*=0x30780e0, lpOverlapped=0x0) returned 1 [0228.657] CloseHandle (hObject=0x44c) returned 1 [0228.657] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", lpFilePart=0x0) returned 0x4a [0228.657] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0228.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0228.657] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x3c9c38a0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x30780e0)) returned 1 [0228.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0228.658] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.encrypted")) returned 1 [0228.659] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0228.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0228.659] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0228.660] GetFileType (hFile=0x44c) returned 0x1 [0228.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0228.660] GetFileType (hFile=0x44c) returned 0x1 [0228.660] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x251f [0228.660] ReadFile (in: hFile=0x44c, lpBuffer=0x24dc4cc, nNumberOfBytesToRead=0x251f, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24dc4cc*, lpNumberOfBytesRead=0x3fe8e4*=0x251f, lpOverlapped=0x0) returned 1 [0228.662] CloseHandle (hObject=0x44c) returned 1 [0228.718] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0228.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0228.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0228.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0228.718] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0228.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0228.718] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0228.719] GetFileType (hFile=0x44c) returned 0x1 [0228.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0228.719] GetFileType (hFile=0x44c) returned 0x1 [0228.720] WriteFile (in: hFile=0x44c, lpBuffer=0x2534d78*, nNumberOfBytesToWrite=0x2520, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x2534d78*, lpNumberOfBytesWritten=0x3fe8d4*=0x2520, lpOverlapped=0x0) returned 1 [0228.721] CloseHandle (hObject=0x44c) returned 1 [0228.721] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", lpFilePart=0x0) returned 0x4b [0228.721] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.encrypted", lpFilePart=0x0) returned 0x55 [0228.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0228.721] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x3ca5be20, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x2520)) returned 1 [0228.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0228.721] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.encrypted")) returned 1 [0228.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0228.723] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0228.723] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0228.723] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06358 [0228.725] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.726] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0228.726] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.xml", cAlternateFileName="ONENOT~1.XML")) returned 1 [0228.726] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5e95540, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10a5df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnoteLR.cab", cAlternateFileName="")) returned 1 [0228.726] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0228.726] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0228.726] FindClose (in: hFindFile=0x8e06358 | out: hFindFile=0x8e06358) returned 1 [0228.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0228.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0228.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0228.727] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0228.727] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0228.728] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06358 [0228.728] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.729] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0228.729] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.xml", cAlternateFileName="ONENOT~1.XML")) returned 1 [0228.729] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5e95540, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10a5df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnoteLR.cab", cAlternateFileName="")) returned 1 [0228.729] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0228.729] FindNextFileW (in: hFindFile=0x8e06358, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0228.729] FindClose (in: hFindFile=0x8e06358 | out: hFindFile=0x8e06358) returned 1 [0228.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0228.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0228.730] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0228.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0228.730] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0228.731] GetFileType (hFile=0x44c) returned 0x1 [0228.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0228.731] GetFileType (hFile=0x44c) returned 0x1 [0228.731] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x646 [0228.732] ReadFile (in: hFile=0x44c, lpBuffer=0x253a16c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x253a16c*, lpNumberOfBytesRead=0x3fe8e4*=0x646, lpOverlapped=0x0) returned 1 [0228.733] CloseHandle (hObject=0x44c) returned 1 [0228.749] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0228.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0228.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0228.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0228.749] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0228.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0228.749] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0228.750] GetFileType (hFile=0x44c) returned 0x1 [0228.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0228.750] GetFileType (hFile=0x44c) returned 0x1 [0228.753] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", lpFilePart=0x0) returned 0x4d [0228.753] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.encrypted", lpFilePart=0x0) returned 0x57 [0228.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0228.753] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x3caa80e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x650)) returned 1 [0228.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0228.753] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.encrypted")) returned 1 [0228.754] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", lpFilePart=0x0) returned 0x4a [0228.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0228.754] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0228.755] GetFileType (hFile=0x44c) returned 0x1 [0228.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0228.755] GetFileType (hFile=0x44c) returned 0x1 [0228.755] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x10a5df8 [0231.516] ReadFile (in: hFile=0x44c, lpBuffer=0x23441018, nNumberOfBytesToRead=0x10a5df8, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x23441018*, lpNumberOfBytesRead=0x3fe8e4*=0x10a5df8, lpOverlapped=0x0) returned 1 [0232.199] CloseHandle (hObject=0x44c) returned 1 [0234.449] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0234.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0234.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0234.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0234.482] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", lpFilePart=0x0) returned 0x4a [0234.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0234.482] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0234.485] GetFileType (hFile=0x44c) returned 0x1 [0234.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0234.485] GetFileType (hFile=0x44c) returned 0x1 [0234.485] WriteFile (in: hFile=0x44c, lpBuffer=0xe441018*, nNumberOfBytesToWrite=0x10a5e00, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0xe441018*, lpNumberOfBytesWritten=0x3fe8d4*=0x10a5e00, lpOverlapped=0x0) returned 1 [0234.909] CloseHandle (hObject=0x44c) returned 1 [0234.910] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", lpFilePart=0x0) returned 0x4a [0234.910] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.encrypted", lpFilePart=0x0) returned 0x54 [0234.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0234.910] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4056c000, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x10a5e00)) returned 1 [0234.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0234.911] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.encrypted")) returned 1 [0234.913] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0234.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0234.913] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0234.914] GetFileType (hFile=0x44c) returned 0x1 [0234.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0234.914] GetFileType (hFile=0x44c) returned 0x1 [0234.914] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x7c4 [0234.914] ReadFile (in: hFile=0x44c, lpBuffer=0x24dc238, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24dc238*, lpNumberOfBytesRead=0x3fe8e4*=0x7c4, lpOverlapped=0x0) returned 1 [0234.916] CloseHandle (hObject=0x44c) returned 1 [0234.981] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0234.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0234.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0234.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0234.981] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0234.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0234.981] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0234.982] GetFileType (hFile=0x44c) returned 0x1 [0234.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0234.982] GetFileType (hFile=0x44c) returned 0x1 [0234.982] WriteFile (in: hFile=0x44c, lpBuffer=0x252d624*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x252d624*, lpNumberOfBytesWritten=0x3fe8a8*=0x7d0, lpOverlapped=0x0) returned 1 [0234.983] CloseHandle (hObject=0x44c) returned 1 [0234.983] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0234.984] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0234.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0234.984] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4062a6e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x7d0)) returned 1 [0234.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0234.984] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0234.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0234.985] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0234.985] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0234.985] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e064d8 [0234.988] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.989] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0234.989] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b2ebe0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.xml", cAlternateFileName="PROJEC~1.XML")) returned 1 [0234.989] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b7cde0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjLR.cab", cAlternateFileName="")) returned 1 [0234.989] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0234.989] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0234.990] FindClose (in: hFindFile=0x8e064d8 | out: hFindFile=0x8e064d8) returned 1 [0234.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0234.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0234.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0234.991] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0234.991] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0234.991] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e064d8 [0234.992] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.992] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0234.992] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b2ebe0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.xml", cAlternateFileName="PROJEC~1.XML")) returned 1 [0234.992] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b7cde0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjLR.cab", cAlternateFileName="")) returned 1 [0234.993] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0234.993] FindNextFileW (in: hFindFile=0x8e064d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0234.993] FindClose (in: hFindFile=0x8e064d8 | out: hFindFile=0x8e064d8) returned 1 [0234.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0234.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0234.994] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0234.994] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0234.994] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0235.058] GetFileType (hFile=0x44c) returned 0x1 [0235.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0235.058] GetFileType (hFile=0x44c) returned 0x1 [0235.058] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x5ac [0235.059] ReadFile (in: hFile=0x44c, lpBuffer=0x25311e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x25311e8*, lpNumberOfBytesRead=0x3fe8e4*=0x5ac, lpOverlapped=0x0) returned 1 [0235.062] CloseHandle (hObject=0x44c) returned 1 [0235.077] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0235.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0235.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0235.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0235.077] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0235.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0235.077] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0235.078] GetFileType (hFile=0x44c) returned 0x1 [0235.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0235.079] GetFileType (hFile=0x44c) returned 0x1 [0235.081] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", lpFilePart=0x0) returned 0x4d [0235.081] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.encrypted", lpFilePart=0x0) returned 0x57 [0235.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0235.081] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0x4070ef20, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0235.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0235.081] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.encrypted")) returned 1 [0235.082] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", lpFilePart=0x0) returned 0x49 [0235.083] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0235.083] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0235.083] GetFileType (hFile=0x44c) returned 0x1 [0235.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0235.084] GetFileType (hFile=0x44c) returned 0x1 [0235.084] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x7e1dcd [0235.126] ReadFile (in: hFile=0x44c, lpBuffer=0x34954d0, nNumberOfBytesToRead=0x7e1dcd, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x34954d0*, lpNumberOfBytesRead=0x3fe8e4*=0x7e1dcd, lpOverlapped=0x0) returned 1 [0235.272] CloseHandle (hObject=0x44c) returned 1 [0235.800] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0235.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0235.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0235.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0235.800] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", lpFilePart=0x0) returned 0x49 [0235.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0235.800] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0235.809] GetFileType (hFile=0x44c) returned 0x1 [0235.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0235.809] GetFileType (hFile=0x44c) returned 0x1 [0235.809] WriteFile (in: hFile=0x44c, lpBuffer=0xa4e6e28*, nNumberOfBytesToWrite=0x7e1dd0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0xa4e6e28*, lpNumberOfBytesWritten=0x3fe8d4*=0x7e1dd0, lpOverlapped=0x0) returned 1 [0236.000] CloseHandle (hObject=0x44c) returned 1 [0236.000] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", lpFilePart=0x0) returned 0x49 [0236.000] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.encrypted", lpFilePart=0x0) returned 0x53 [0236.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0236.000] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0x40fd6040, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dd0)) returned 1 [0236.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0236.001] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.encrypted")) returned 1 [0236.002] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0236.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0236.002] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0236.003] GetFileType (hFile=0x44c) returned 0x1 [0236.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0236.003] GetFileType (hFile=0x44c) returned 0x1 [0236.003] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x750 [0236.003] ReadFile (in: hFile=0x44c, lpBuffer=0x25d3b4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x25d3b4c*, lpNumberOfBytesRead=0x3fe8e4*=0x750, lpOverlapped=0x0) returned 1 [0236.131] CloseHandle (hObject=0x44c) returned 1 [0236.188] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0236.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0236.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0236.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0236.188] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0236.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0236.188] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0236.189] GetFileType (hFile=0x44c) returned 0x1 [0236.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0236.189] GetFileType (hFile=0x44c) returned 0x1 [0236.191] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0236.191] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0236.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0236.191] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0x4119f0c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0236.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0236.191] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0236.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0236.192] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0236.192] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0236.192] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06658 [0236.251] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.251] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0236.251] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee3b15e0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x264400, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.msi", cAlternateFileName="GROOVE~1.MSI")) returned 1 [0236.252] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.xml", cAlternateFileName="GROOVE~1.XML")) returned 1 [0236.252] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0236.252] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0236.252] FindClose (in: hFindFile=0x8e06658 | out: hFindFile=0x8e06658) returned 1 [0236.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0236.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0236.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0236.253] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0236.253] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0236.253] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06658 [0236.254] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0236.254] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0236.254] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee3b15e0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x264400, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.msi", cAlternateFileName="GROOVE~1.MSI")) returned 1 [0236.255] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.xml", cAlternateFileName="GROOVE~1.XML")) returned 1 [0236.255] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0236.255] FindNextFileW (in: hFindFile=0x8e06658, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0236.255] FindClose (in: hFindFile=0x8e06658 | out: hFindFile=0x8e06658) returned 1 [0236.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0236.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0236.256] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", lpFilePart=0x0) returned 0x4b [0236.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0236.256] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0236.258] GetFileType (hFile=0x44c) returned 0x1 [0236.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0236.258] GetFileType (hFile=0x44c) returned 0x1 [0236.258] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x3e7e1f [0236.272] ReadFile (in: hFile=0x44c, lpBuffer=0x3ccae90, nNumberOfBytesToRead=0x3e7e1f, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x3ccae90*, lpNumberOfBytesRead=0x3fe8e4*=0x3e7e1f, lpOverlapped=0x0) returned 1 [0236.784] CloseHandle (hObject=0x44c) returned 1 [0238.412] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0238.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0238.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0238.413] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", lpFilePart=0x0) returned 0x4b [0238.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0238.413] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.421] GetFileType (hFile=0x44c) returned 0x1 [0238.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0238.421] GetFileType (hFile=0x44c) returned 0x1 [0238.421] WriteFile (in: hFile=0x44c, lpBuffer=0x54d0c58*, nNumberOfBytesToWrite=0x3e7e20, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x54d0c58*, lpNumberOfBytesWritten=0x3fe8d4*=0x3e7e20, lpOverlapped=0x0) returned 1 [0238.536] CloseHandle (hObject=0x44c) returned 1 [0238.536] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", lpFilePart=0x0) returned 0x4b [0238.536] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.encrypted", lpFilePart=0x0) returned 0x55 [0238.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0238.537] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x42816060, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e20)) returned 1 [0238.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0238.537] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.encrypted")) returned 1 [0238.538] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0238.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0238.538] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.539] GetFileType (hFile=0x44c) returned 0x1 [0238.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0238.539] GetFileType (hFile=0x44c) returned 0x1 [0238.539] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x391 [0238.539] ReadFile (in: hFile=0x44c, lpBuffer=0x24dbbb4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24dbbb4*, lpNumberOfBytesRead=0x3fe8e4*=0x391, lpOverlapped=0x0) returned 1 [0238.554] CloseHandle (hObject=0x44c) returned 1 [0238.622] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0238.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0238.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0238.623] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0238.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0238.623] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.624] GetFileType (hFile=0x44c) returned 0x1 [0238.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0238.624] GetFileType (hFile=0x44c) returned 0x1 [0238.626] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", lpFilePart=0x0) returned 0x4c [0238.626] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.encrypted", lpFilePart=0x0) returned 0x56 [0238.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0238.626] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x428d4740, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x3a0)) returned 1 [0238.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0238.626] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.encrypted")) returned 1 [0238.628] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0238.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0238.628] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.628] GetFileType (hFile=0x44c) returned 0x1 [0238.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0238.628] GetFileType (hFile=0x44c) returned 0x1 [0238.628] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x5ac [0238.628] ReadFile (in: hFile=0x44c, lpBuffer=0x252cdf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x252cdf0*, lpNumberOfBytesRead=0x3fe8e4*=0x5ac, lpOverlapped=0x0) returned 1 [0238.630] CloseHandle (hObject=0x44c) returned 1 [0238.652] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0238.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0238.652] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0238.653] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0238.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0238.653] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.654] GetFileType (hFile=0x44c) returned 0x1 [0238.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0238.654] GetFileType (hFile=0x44c) returned 0x1 [0238.654] WriteFile (in: hFile=0x44c, lpBuffer=0x257cea8*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x257cea8*, lpNumberOfBytesWritten=0x3fe8a8*=0x5b0, lpOverlapped=0x0) returned 1 [0238.655] CloseHandle (hObject=0x44c) returned 1 [0238.656] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0238.656] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0238.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0238.656] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x42920a00, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x5b0)) returned 1 [0238.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0238.656] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0238.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0238.657] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0238.658] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0238.658] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e067d8 [0238.660] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0238.661] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0238.661] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0238.661] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0238.662] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1 [0238.662] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1 [0238.662] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1 [0238.662] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1 [0238.663] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1 [0238.663] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1 [0238.663] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0238.663] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0238.663] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0238.664] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetupui.dll", cAlternateFileName="")) returned 1 [0238.664] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pss10r.chm", cAlternateFileName="")) returned 1 [0238.664] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.chm", cAlternateFileName="")) returned 1 [0238.664] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0238.665] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1 [0238.665] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0238.665] FindClose (in: hFindFile=0x8e067d8 | out: hFindFile=0x8e067d8) returned 1 [0238.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0238.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0238.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0238.666] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0238.666] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0238.666] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e067d8 [0238.668] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0238.668] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0238.668] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0238.668] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0238.669] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1 [0238.669] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1 [0238.669] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1 [0238.669] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1 [0238.669] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1 [0238.670] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1 [0238.670] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0238.670] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0238.670] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0238.671] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetupui.dll", cAlternateFileName="")) returned 1 [0238.671] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pss10r.chm", cAlternateFileName="")) returned 1 [0238.671] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.chm", cAlternateFileName="")) returned 1 [0238.671] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0238.671] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1 [0238.671] FindNextFileW (in: hFindFile=0x8e067d8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 0 [0238.672] FindClose (in: hFindFile=0x8e067d8 | out: hFindFile=0x8e067d8) returned 1 [0238.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0238.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0238.673] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0238.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0238.673] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.675] GetFileType (hFile=0x44c) returned 0x1 [0238.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0238.675] GetFileType (hFile=0x44c) returned 0x1 [0238.675] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x91975 [0238.678] ReadFile (in: hFile=0x44c, lpBuffer=0x40b2cd0, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x40b2cd0*, lpNumberOfBytesRead=0x3fe8e4*=0x91975, lpOverlapped=0x0) returned 1 [0238.691] CloseHandle (hObject=0x44c) returned 1 [0238.757] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0238.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0238.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0238.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0238.757] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0238.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0238.757] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.765] GetFileType (hFile=0x44c) returned 0x1 [0238.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0238.765] GetFileType (hFile=0x44c) returned 0x1 [0238.765] WriteFile (in: hFile=0x44c, lpBuffer=0x438ac88*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x438ac88*, lpNumberOfBytesWritten=0x3fe8d4*=0x91980, lpOverlapped=0x0) returned 1 [0238.779] CloseHandle (hObject=0x44c) returned 1 [0238.779] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", lpFilePart=0x0) returned 0x4b [0238.779] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.encrypted", lpFilePart=0x0) returned 0x55 [0238.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0238.780] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x42a51500, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x91980)) returned 1 [0238.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0238.780] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.encrypted")) returned 1 [0238.781] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", lpFilePart=0x0) returned 0x4b [0238.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0238.782] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0238.782] GetFileType (hFile=0x44c) returned 0x1 [0238.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0238.782] GetFileType (hFile=0x44c) returned 0x1 [0238.782] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0xd79282 [0238.826] ReadFile (in: hFile=0x44c, lpBuffer=0x5d01018, nNumberOfBytesToRead=0xd79282, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x5d01018*, lpNumberOfBytesRead=0x3fe8e4*=0xd79282, lpOverlapped=0x0) returned 1 [0239.177] CloseHandle (hObject=0x44c) returned 1 [0240.385] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0240.385] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0240.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0240.385] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", lpFilePart=0x0) returned 0x4b [0240.385] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0240.385] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.391] GetFileType (hFile=0x44c) returned 0x1 [0240.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0240.391] GetFileType (hFile=0x44c) returned 0x1 [0240.391] WriteFile (in: hFile=0x44c, lpBuffer=0xc441018*, nNumberOfBytesToWrite=0xd79290, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0xc441018*, lpNumberOfBytesWritten=0x3fe8d4*=0xd79290, lpOverlapped=0x0) returned 1 [0240.727] CloseHandle (hObject=0x44c) returned 1 [0240.727] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", lpFilePart=0x0) returned 0x4b [0240.727] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.encrypted", lpFilePart=0x0) returned 0x55 [0240.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0240.727] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43cea0e0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xd79290)) returned 1 [0240.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0240.727] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.encrypted")) returned 1 [0240.729] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0240.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0240.729] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.729] GetFileType (hFile=0x44c) returned 0x1 [0240.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0240.729] GetFileType (hFile=0x44c) returned 0x1 [0240.729] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x15b5 [0240.729] ReadFile (in: hFile=0x44c, lpBuffer=0x24db820, nNumberOfBytesToRead=0x15b5, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24db820*, lpNumberOfBytesRead=0x3fe8e4*=0x15b5, lpOverlapped=0x0) returned 1 [0240.731] CloseHandle (hObject=0x44c) returned 1 [0240.779] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0240.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0240.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0240.779] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0240.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0240.779] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.780] GetFileType (hFile=0x44c) returned 0x1 [0240.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0240.780] GetFileType (hFile=0x44c) returned 0x1 [0240.780] WriteFile (in: hFile=0x44c, lpBuffer=0x250a91c*, nNumberOfBytesToWrite=0x15c0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x250a91c*, lpNumberOfBytesWritten=0x3fe8d4*=0x15c0, lpOverlapped=0x0) returned 1 [0240.781] CloseHandle (hObject=0x44c) returned 1 [0240.781] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", lpFilePart=0x0) returned 0x4c [0240.782] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.encrypted", lpFilePart=0x0) returned 0x56 [0240.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0240.782] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43d5c500, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x15c0)) returned 1 [0240.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0240.782] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.encrypted")) returned 1 [0240.783] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0240.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0240.783] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.784] GetFileType (hFile=0x44c) returned 0x1 [0240.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0240.784] GetFileType (hFile=0x44c) returned 0x1 [0240.784] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x333 [0240.784] ReadFile (in: hFile=0x44c, lpBuffer=0x250c80c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x250c80c*, lpNumberOfBytesRead=0x3fe8e4*=0x333, lpOverlapped=0x0) returned 1 [0240.786] CloseHandle (hObject=0x44c) returned 1 [0240.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0240.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0240.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0240.833] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0240.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0240.833] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.834] GetFileType (hFile=0x44c) returned 0x1 [0240.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0240.834] GetFileType (hFile=0x44c) returned 0x1 [0240.836] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", lpFilePart=0x0) returned 0x4f [0240.836] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.encrypted", lpFilePart=0x0) returned 0x59 [0240.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0240.836] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43df4a80, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x340)) returned 1 [0240.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0240.836] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.encrypted")) returned 1 [0240.837] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0240.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0240.837] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.837] GetFileType (hFile=0x44c) returned 0x1 [0240.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0240.837] GetFileType (hFile=0x44c) returned 0x1 [0240.838] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x2488 [0240.838] ReadFile (in: hFile=0x44c, lpBuffer=0x255cd8c, nNumberOfBytesToRead=0x2488, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x255cd8c*, lpNumberOfBytesRead=0x3fe8e4*=0x2488, lpOverlapped=0x0) returned 1 [0240.840] CloseHandle (hObject=0x44c) returned 1 [0240.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0240.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0240.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0240.856] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0240.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0240.856] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.857] GetFileType (hFile=0x44c) returned 0x1 [0240.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0240.858] GetFileType (hFile=0x44c) returned 0x1 [0240.858] WriteFile (in: hFile=0x44c, lpBuffer=0x25b5208*, nNumberOfBytesToWrite=0x2490, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x25b5208*, lpNumberOfBytesWritten=0x3fe8d4*=0x2490, lpOverlapped=0x0) returned 1 [0240.859] CloseHandle (hObject=0x44c) returned 1 [0240.859] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0240.859] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0240.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0240.859] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43e1abe0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x2490)) returned 1 [0240.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0240.859] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0240.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0240.861] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", lpFilePart=0x0) returned 0x43 [0240.861] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", lpFilePart=0x0) returned 0x44 [0240.861] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06a58 [0240.862] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.862] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0240.862] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0240.863] FindClose (in: hFindFile=0x8e06a58 | out: hFindFile=0x8e06a58) returned 1 [0240.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0240.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0240.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0240.863] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", lpFilePart=0x0) returned 0x43 [0240.863] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\", lpFilePart=0x0) returned 0x44 [0240.863] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06a58 [0240.863] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.864] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0240.864] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 0 [0240.864] FindClose (in: hFindFile=0x8e06a58 | out: hFindFile=0x8e06a58) returned 1 [0240.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0240.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0240.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0240.864] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0240.864] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0240.864] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06a58 [0240.870] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.870] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0240.870] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0240.870] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0240.870] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0240.871] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0240.871] FindClose (in: hFindFile=0x8e06a58 | out: hFindFile=0x8e06a58) returned 1 [0240.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0240.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0240.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0240.872] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0240.872] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0240.872] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06a58 [0240.873] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.874] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0240.874] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0240.874] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0240.874] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0240.874] FindNextFileW (in: hFindFile=0x8e06a58, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0240.874] FindClose (in: hFindFile=0x8e06a58 | out: hFindFile=0x8e06a58) returned 1 [0240.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0240.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0240.876] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0240.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0240.876] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.877] GetFileType (hFile=0x44c) returned 0x1 [0240.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0240.877] GetFileType (hFile=0x44c) returned 0x1 [0240.877] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x333 [0240.877] ReadFile (in: hFile=0x44c, lpBuffer=0x25bbc6c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x25bbc6c*, lpNumberOfBytesRead=0x3fe8e4*=0x333, lpOverlapped=0x0) returned 1 [0240.879] CloseHandle (hObject=0x44c) returned 1 [0240.895] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0240.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0240.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0240.896] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0240.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0240.896] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.897] GetFileType (hFile=0x44c) returned 0x1 [0240.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0240.897] GetFileType (hFile=0x44c) returned 0x1 [0240.897] WriteFile (in: hFile=0x44c, lpBuffer=0x260acdc*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x3fe8a8, lpOverlapped=0x0 | out: lpBuffer=0x260acdc*, lpNumberOfBytesWritten=0x3fe8a8*=0x340, lpOverlapped=0x0) returned 1 [0240.898] CloseHandle (hObject=0x44c) returned 1 [0240.898] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", lpFilePart=0x0) returned 0x4f [0240.898] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.encrypted", lpFilePart=0x0) returned 0x59 [0240.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0240.898] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43e8d000, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x340)) returned 1 [0240.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0240.898] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.encrypted")) returned 1 [0240.899] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0240.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0240.900] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.900] GetFileType (hFile=0x44c) returned 0x1 [0240.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0240.900] GetFileType (hFile=0x44c) returned 0x1 [0240.900] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0xa40 [0240.900] ReadFile (in: hFile=0x44c, lpBuffer=0x260ca94, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x260ca94*, lpNumberOfBytesRead=0x3fe8e4*=0xa40, lpOverlapped=0x0) returned 1 [0240.902] CloseHandle (hObject=0x44c) returned 1 [0240.924] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0240.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0240.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0240.924] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0240.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0240.925] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.926] GetFileType (hFile=0x44c) returned 0x1 [0240.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0240.926] GetFileType (hFile=0x44c) returned 0x1 [0240.927] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", lpFilePart=0x0) returned 0x48 [0240.927] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted", lpFilePart=0x0) returned 0x52 [0240.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0240.927] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43ed92c0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0xa50)) returned 1 [0240.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0240.927] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.encrypted")) returned 1 [0240.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0240.928] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", lpFilePart=0x0) returned 0x4b [0240.928] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", lpFilePart=0x0) returned 0x4c [0240.928] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06b58 [0240.933] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.933] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0240.933] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0240.933] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccLR.cab", cAlternateFileName="")) returned 1 [0240.933] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0240.934] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0240.934] FindClose (in: hFindFile=0x8e06b58 | out: hFindFile=0x8e06b58) returned 1 [0240.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0240.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0240.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe908) returned 1 [0240.935] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", lpFilePart=0x0) returned 0x4b [0240.935] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", nBufferLength=0x105, lpBuffer=0x3fe3e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\", lpFilePart=0x0) returned 0x4c [0240.935] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x3fe630 | out: lpFindFileData=0x3fe630*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06b58 [0240.936] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.936] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0240.936] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0240.936] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccLR.cab", cAlternateFileName="")) returned 1 [0240.936] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0240.936] FindNextFileW (in: hFindFile=0x8e06b58, lpFindFileData=0x3fe640 | out: lpFindFileData=0x3fe640*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 0 [0240.937] FindClose (in: hFindFile=0x8e06b58 | out: hFindFile=0x8e06b58) returned 1 [0240.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8c8) returned 1 [0240.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8d4) returned 1 [0240.937] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0240.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0240.938] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.939] GetFileType (hFile=0x44c) returned 0x1 [0240.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0240.939] GetFileType (hFile=0x44c) returned 0x1 [0240.939] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x545 [0240.939] ReadFile (in: hFile=0x44c, lpBuffer=0x2661ddc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x2661ddc*, lpNumberOfBytesRead=0x3fe8a4*=0x545, lpOverlapped=0x0) returned 1 [0240.941] CloseHandle (hObject=0x44c) returned 1 [0240.956] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0240.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0240.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0240.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0240.956] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0240.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0240.956] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.957] GetFileType (hFile=0x44c) returned 0x1 [0240.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0240.957] GetFileType (hFile=0x44c) returned 0x1 [0240.958] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", lpFilePart=0x0) returned 0x59 [0240.958] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.encrypted", lpFilePart=0x0) returned 0x63 [0240.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0240.958] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x43f25580, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x550)) returned 1 [0240.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0240.958] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.encrypted")) returned 1 [0240.959] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpFilePart=0x0) returned 0x55 [0240.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0240.959] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0240.960] GetFileType (hFile=0x44c) returned 0x1 [0240.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0240.960] GetFileType (hFile=0x44c) returned 0x1 [0240.960] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x1ab7e94 [0241.034] ReadFile (in: hFile=0x44c, lpBuffer=0xd441018, nNumberOfBytesToRead=0x1ab7e94, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0xd441018*, lpNumberOfBytesRead=0x3fe8a4*=0x1ab7e94, lpOverlapped=0x0) returned 1 [0241.687] CloseHandle (hObject=0x44c) returned 1 [0245.179] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0245.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0245.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0245.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0245.180] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpFilePart=0x0) returned 0x55 [0245.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0245.180] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0245.183] GetFileType (hFile=0x44c) returned 0x1 [0245.183] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0245.183] GetFileType (hFile=0x44c) returned 0x1 [0245.183] WriteFile (in: hFile=0x44c, lpBuffer=0x17441018*, nNumberOfBytesToWrite=0x1ab7ea0, lpNumberOfBytesWritten=0x3fe894, lpOverlapped=0x0 | out: lpBuffer=0x17441018*, lpNumberOfBytesWritten=0x3fe894*=0x1ab7ea0, lpOverlapped=0x0) returned 1 [0247.567] CloseHandle (hObject=0x44c) returned 1 [0247.568] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", lpFilePart=0x0) returned 0x55 [0247.569] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.encrypted", lpFilePart=0x0) returned 0x5f [0247.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0247.569] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x47e13b20, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7ea0)) returned 1 [0247.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0247.569] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.encrypted")) returned 1 [0247.572] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x3fe2fc, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0247.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7f0) returned 1 [0247.572] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0247.573] GetFileType (hFile=0x44c) returned 0x1 [0247.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7ec) returned 1 [0247.573] GetFileType (hFile=0x44c) returned 0x1 [0247.573] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe8f8 | out: lpFileSizeHigh=0x3fe8f8*=0x0) returned 0x91975 [0247.577] ReadFile (in: hFile=0x44c, lpBuffer=0x34954d0, nNumberOfBytesToRead=0x91975, lpNumberOfBytesRead=0x3fe8a4, lpOverlapped=0x0 | out: lpBuffer=0x34954d0*, lpNumberOfBytesRead=0x3fe8a4*=0x91975, lpOverlapped=0x0) returned 1 [0247.639] CloseHandle (hObject=0x44c) returned 1 [0247.721] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe410, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0247.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe870) returned 1 [0247.721] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe8ec | out: lpFileInformation=0x3fe8ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0247.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe86c) returned 1 [0247.721] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x3fe2e4, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0247.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe7d8) returned 1 [0247.722] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0247.727] GetFileType (hFile=0x44c) returned 0x1 [0247.728] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe7d4) returned 1 [0247.728] GetFileType (hFile=0x44c) returned 0x1 [0247.728] WriteFile (in: hFile=0x44c, lpBuffer=0x376d488*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0x3fe894, lpOverlapped=0x0 | out: lpBuffer=0x376d488*, lpNumberOfBytesWritten=0x3fe894*=0x91980, lpOverlapped=0x0) returned 1 [0247.737] CloseHandle (hObject=0x44c) returned 1 [0247.737] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", lpFilePart=0x0) returned 0x58 [0247.738] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe41c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.encrypted", lpFilePart=0x0) returned 0x62 [0247.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe87c) returned 1 [0247.738] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe8f8 | out: lpFileInformation=0x3fe8f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0x47fb6a40, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x91980)) returned 1 [0247.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe878) returned 1 [0247.738] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.encrypted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.encrypted")) returned 1 [0247.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0247.739] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0247.739] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0247.740] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06cd8 [0247.751] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0247.751] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0247.752] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0247.752] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0247.752] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0247.752] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0247.752] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0247.752] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0247.753] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1 [0247.753] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1 [0247.753] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1 [0247.753] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1 [0247.753] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0247.753] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0247.754] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0247.754] FindClose (in: hFindFile=0x8e06cd8 | out: hFindFile=0x8e06cd8) returned 1 [0247.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0247.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0247.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe948) returned 1 [0247.755] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", lpFilePart=0x0) returned 0x3e [0247.755] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", nBufferLength=0x105, lpBuffer=0x3fe424, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\", lpFilePart=0x0) returned 0x3f [0247.755] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x3fe670 | out: lpFindFileData=0x3fe670*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8e06cd8 [0247.756] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0247.756] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0247.757] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0247.757] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0247.757] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0247.757] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0247.758] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0247.758] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0247.758] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1 [0247.758] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1 [0247.758] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1 [0247.759] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1 [0247.759] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0247.759] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0247.759] FindNextFileW (in: hFindFile=0x8e06cd8, lpFindFileData=0x3fe680 | out: lpFindFileData=0x3fe680*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0247.759] FindClose (in: hFindFile=0x8e06cd8 | out: hFindFile=0x8e06cd8) returned 1 [0247.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe908) returned 1 [0247.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe914) returned 1 [0247.761] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpFilePart=0x0) returned 0x4d [0247.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0247.761] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0247.763] GetFileType (hFile=0x44c) returned 0x1 [0247.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0247.763] GetFileType (hFile=0x44c) returned 0x1 [0247.763] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x10b2 [0247.763] ReadFile (in: hFile=0x44c, lpBuffer=0x2533328, nNumberOfBytesToRead=0x10b2, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x2533328*, lpNumberOfBytesRead=0x3fe8e4*=0x10b2, lpOverlapped=0x0) returned 1 [0247.765] CloseHandle (hObject=0x44c) returned 1 [0247.783] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0247.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0247.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0247.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0247.783] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpFilePart=0x0) returned 0x4d [0247.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0247.783] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0247.784] GetFileType (hFile=0x44c) returned 0x1 [0247.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0247.784] GetFileType (hFile=0x44c) returned 0x1 [0247.784] WriteFile (in: hFile=0x44c, lpBuffer=0x2585498*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x2585498*, lpNumberOfBytesWritten=0x3fe8d4*=0x10c0, lpOverlapped=0x0) returned 1 [0247.785] CloseHandle (hObject=0x44c) returned 1 [0247.786] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", lpFilePart=0x0) returned 0x4d [0247.786] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.encrypted", lpFilePart=0x0) returned 0x57 [0247.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0247.786] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x48028e60, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x10c0)) returned 1 [0247.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0247.786] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.encrypted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.encrypted")) returned 1 [0247.787] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpFilePart=0x0) returned 0x4b [0247.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0247.787] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0247.788] GetFileType (hFile=0x44c) returned 0x1 [0247.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0247.788] GetFileType (hFile=0x44c) returned 0x1 [0247.788] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x228df5c [0247.891] ReadFile (in: hFile=0x44c, lpBuffer=0x19441018, nNumberOfBytesToRead=0x228df5c, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x19441018*, lpNumberOfBytesRead=0x3fe8e4*=0x228df5c, lpOverlapped=0x0) returned 1 [0248.688] CloseHandle (hObject=0x44c) returned 1 [0252.768] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0252.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0252.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0252.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0252.768] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpFilePart=0x0) returned 0x4b [0252.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0252.768] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0252.771] GetFileType (hFile=0x44c) returned 0x1 [0252.772] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0252.772] GetFileType (hFile=0x44c) returned 0x1 [0252.772] WriteFile (in: hFile=0x44c, lpBuffer=0xc441018*, nNumberOfBytesToWrite=0x228df60, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0xc441018*, lpNumberOfBytesWritten=0x3fe8d4*=0x228df60, lpOverlapped=0x0) returned 1 [0255.047] CloseHandle (hObject=0x44c) returned 1 [0255.048] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", lpFilePart=0x0) returned 0x4b [0255.048] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.encrypted", lpFilePart=0x0) returned 0x55 [0255.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0255.048] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0x4c556dc0, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x228df60)) returned 1 [0255.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0255.048] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.encrypted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.encrypted")) returned 1 [0255.049] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0255.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0255.049] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0255.078] GetFileType (hFile=0x44c) returned 0x1 [0255.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0255.078] GetFileType (hFile=0x44c) returned 0x1 [0255.078] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0x41d4 [0255.078] ReadFile (in: hFile=0x44c, lpBuffer=0x24e16d4, nNumberOfBytesToRead=0x41d4, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x24e16d4*, lpNumberOfBytesRead=0x3fe8e4*=0x41d4, lpOverlapped=0x0) returned 1 [0255.080] CloseHandle (hObject=0x44c) returned 1 [0255.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", nBufferLength=0x105, lpBuffer=0x3fe450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README", lpFilePart=0x0) returned 0x2c [0255.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8b0) returned 1 [0255.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\readme"), fInfoLevelId=0x0, lpFileInformation=0x3fe92c | out: lpFileInformation=0x3fe92c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0255.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8ac) returned 1 [0255.145] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x3fe324, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0255.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe818) returned 1 [0255.145] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0255.148] GetFileType (hFile=0x44c) returned 0x1 [0255.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe814) returned 1 [0255.148] GetFileType (hFile=0x44c) returned 0x1 [0255.148] WriteFile (in: hFile=0x44c, lpBuffer=0x2543ab0*, nNumberOfBytesToWrite=0x41e0, lpNumberOfBytesWritten=0x3fe8d4, lpOverlapped=0x0 | out: lpBuffer=0x2543ab0*, lpNumberOfBytesWritten=0x3fe8d4*=0x41e0, lpOverlapped=0x0) returned 1 [0255.149] CloseHandle (hObject=0x44c) returned 1 [0255.149] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", lpFilePart=0x0) returned 0x4d [0255.149] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.encrypted", nBufferLength=0x105, lpBuffer=0x3fe45c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.encrypted", lpFilePart=0x0) returned 0x57 [0255.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe8bc) returned 1 [0255.149] GetFileAttributesExW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), fInfoLevelId=0x0, lpFileInformation=0x3fe938 | out: lpFileInformation=0x3fe938*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x4c63b600, ftLastWriteTime.dwHighDateTime=0x1d5f0a9, nFileSizeHigh=0x0, nFileSizeLow=0x41e0)) returned 1 [0255.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe8b8) returned 1 [0255.150] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.encrypted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.encrypted")) returned 1 [0255.151] GetFullPathNameW (in: lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab", nBufferLength=0x105, lpBuffer=0x3fe33c, lpFilePart=0x0 | out: lpBuffer="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab", lpFilePart=0x0) returned 0x4a [0255.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3fe830) returned 1 [0255.151] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x44c [0255.158] GetFileType (hFile=0x44c) returned 0x1 [0255.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3fe82c) returned 1 [0255.158] GetFileType (hFile=0x44c) returned 0x1 [0255.158] GetFileSize (in: hFile=0x44c, lpFileSizeHigh=0x3fe938 | out: lpFileSizeHigh=0x3fe938*=0x0) returned 0xa97cbdb [0255.636] ReadFile (in: hFile=0x44c, lpBuffer=0x1c441018, nNumberOfBytesToRead=0xa97cbdb, lpNumberOfBytesRead=0x3fe8e4, lpOverlapped=0x0 | out: lpBuffer=0x1c441018*, lpNumberOfBytesRead=0x3fe8e4*=0xa97cbdb, lpOverlapped=0x0) returned 1 [0260.302] CloseHandle (hObject=0x44c) returned 1 Thread: id = 223 os_tid = 0x514 Thread: id = 224 os_tid = 0x504 [0132.492] CoGetContextToken (in: pToken=0x23af9fc | out: pToken=0x23af9fc) returned 0x800401f0 [0132.500] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0169.401] CoGetContextToken (in: pToken=0x23af9f0 | out: pToken=0x23af9f0) returned 0x0 [0169.401] CoGetContextToken (in: pToken=0x23af978 | out: pToken=0x23af978) returned 0x0 [0169.401] WbemLocator:IUnknown:Release (This=0x8bb0b30) returned 0x1 [0169.401] WbemLocator:IUnknown:Release (This=0x8bb0b30) returned 0x0 [0169.401] CoGetContextToken (in: pToken=0x23af9f0 | out: pToken=0x23af9f0) returned 0x0 [0169.401] CoGetContextToken (in: pToken=0x23af978 | out: pToken=0x23af978) returned 0x0 [0169.401] WbemDefPath:IUnknown:Release (This=0x8bb0820) returned 0x1 [0169.401] WbemDefPath:IUnknown:Release (This=0x8bb0820) returned 0x0 [0169.401] CoGetContextToken (in: pToken=0x23af9f0 | out: pToken=0x23af9f0) returned 0x0 [0169.401] IUnknown:QueryInterface (in: This=0x53c308, riid=0x75073c98*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23af998 | out: ppvObject=0x23af998*=0x53c318) returned 0x0 [0169.402] CObjectContext::ContextCallback () Thread: id = 225 os_tid = 0x4f8 Thread: id = 268 os_tid = 0x5f0 [0155.982] CoGetContextToken (in: pToken=0x4d5fbcc | out: pToken=0x4d5fbcc) returned 0x0 [0155.982] IUnknown:QueryInterface (in: This=0x53c478, riid=0x7511d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4d5fbf0 | out: ppvObject=0x4d5fbf0*=0x53c484) returned 0x0 [0155.982] IComThreadingInfo:GetCurrentThreadType (in: This=0x53c484, pThreadType=0x4d5fc1c | out: pThreadType=0x4d5fc1c*=0) returned 0x0 [0155.982] IUnknown:Release (This=0x53c484) returned 0x1 Thread: id = 269 os_tid = 0x320 Thread: id = 270 os_tid = 0x348 [0140.665] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0140.765] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x85eeea4 | out: lpiid=0x85eeea4) returned 0x0 [0140.767] CoGetClassObject (in: rclsid=0x570a2c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7507d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x85eebb8 | out: ppv=0x85eebb8*=0x8bb0810) returned 0x0 [0140.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0810, riid=0x750b0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x85eedd0 | out: ppvObject=0x85eedd0*=0x0) returned 0x80004002 [0140.954] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8bb0810, pUnkOuter=0x0, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85eede4 | out: ppvObject=0x85eede4*=0x8bb0820) returned 0x0 [0140.954] WbemDefPath:IUnknown:Release (This=0x8bb0810) returned 0x0 [0140.954] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0820, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85eea04 | out: ppvObject=0x85eea04*=0x8bb0820) returned 0x0 [0140.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0820, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x85ee9c0 | out: ppvObject=0x85ee9c0*=0x0) returned 0x80004002 [0140.956] WbemDefPath:IUnknown:AddRef (This=0x8bb0820) returned 0x3 [0140.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0820, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x85ee31c | out: ppvObject=0x85ee31c*=0x0) returned 0x80004002 [0140.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0820, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x85ee2cc | out: ppvObject=0x85ee2cc*=0x0) returned 0x80004002 [0140.956] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0820, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85ee2d8 | out: ppvObject=0x85ee2d8*=0x570260) returned 0x0 [0140.956] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570260, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x85ee2e0 | out: pCid=0x85ee2e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0140.956] WbemDefPath:IUnknown:Release (This=0x570260) returned 0x3 [0140.956] CoGetContextToken (in: pToken=0x85ee338 | out: pToken=0x85ee338) returned 0x0 [0140.957] CoGetContextToken (in: pToken=0x85ee740 | out: pToken=0x85ee740) returned 0x0 [0140.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0820, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85ee7d0 | out: ppvObject=0x85ee7d0*=0x0) returned 0x80004002 [0140.957] WbemDefPath:IUnknown:Release (This=0x8bb0820) returned 0x2 [0140.957] WbemDefPath:IUnknown:Release (This=0x8bb0820) returned 0x1 [0140.959] SetEvent (hEvent=0x250) returned 1 [0140.970] CoGetClassObject (in: rclsid=0x570a2c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7507d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x85eebb8 | out: ppv=0x85eebb8*=0x8bb08f0) returned 0x0 [0140.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb08f0, riid=0x750b0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x85eedd0 | out: ppvObject=0x85eedd0*=0x0) returned 0x80004002 [0140.971] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8bb08f0, pUnkOuter=0x0, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85eede4 | out: ppvObject=0x85eede4*=0x8bb0998) returned 0x0 [0140.971] WbemDefPath:IUnknown:Release (This=0x8bb08f0) returned 0x0 [0140.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0998, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85eea04 | out: ppvObject=0x85eea04*=0x8bb0998) returned 0x0 [0140.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0998, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x85ee9c0 | out: ppvObject=0x85ee9c0*=0x0) returned 0x80004002 [0140.971] WbemDefPath:IUnknown:AddRef (This=0x8bb0998) returned 0x3 [0140.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0998, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x85ee31c | out: ppvObject=0x85ee31c*=0x0) returned 0x80004002 [0140.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0998, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x85ee2cc | out: ppvObject=0x85ee2cc*=0x0) returned 0x80004002 [0140.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0998, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85ee2d8 | out: ppvObject=0x85ee2d8*=0x570280) returned 0x0 [0140.971] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x570280, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x85ee2e0 | out: pCid=0x85ee2e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0140.971] WbemDefPath:IUnknown:Release (This=0x570280) returned 0x3 [0140.971] CoGetContextToken (in: pToken=0x85ee338 | out: pToken=0x85ee338) returned 0x0 [0140.971] CoGetContextToken (in: pToken=0x85ee740 | out: pToken=0x85ee740) returned 0x0 [0140.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0998, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85ee7d0 | out: ppvObject=0x85ee7d0*=0x0) returned 0x80004002 [0140.972] WbemDefPath:IUnknown:Release (This=0x8bb0998) returned 0x2 [0140.972] WbemDefPath:IUnknown:Release (This=0x8bb0998) returned 0x1 [0140.972] SetEvent (hEvent=0x2b4) returned 1 [0143.378] CoGetClassObject (in: rclsid=0x570a2c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x7507d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x85eebb8 | out: ppv=0x85eebb8*=0x8bb0b40) returned 0x0 [0143.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bb0b40, riid=0x750b0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x85eedd0 | out: ppvObject=0x85eedd0*=0x0) returned 0x80004002 [0143.379] WbemDefPath:IClassFactory:CreateInstance (in: This=0x8bb0b40, pUnkOuter=0x0, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85eede4 | out: ppvObject=0x85eede4*=0x8bbca30) returned 0x0 [0143.379] WbemDefPath:IUnknown:Release (This=0x8bb0b40) returned 0x0 [0143.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bbca30, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85eea04 | out: ppvObject=0x85eea04*=0x8bbca30) returned 0x0 [0143.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bbca30, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x85ee9c0 | out: ppvObject=0x85ee9c0*=0x0) returned 0x80004002 [0143.379] WbemDefPath:IUnknown:AddRef (This=0x8bbca30) returned 0x3 [0143.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bbca30, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x85ee31c | out: ppvObject=0x85ee31c*=0x0) returned 0x80004002 [0143.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bbca30, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x85ee2cc | out: ppvObject=0x85ee2cc*=0x0) returned 0x80004002 [0143.379] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bbca30, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85ee2d8 | out: ppvObject=0x85ee2d8*=0x5a2dc0) returned 0x0 [0143.380] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5a2dc0, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x85ee2e0 | out: pCid=0x85ee2e0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0143.380] WbemDefPath:IUnknown:Release (This=0x5a2dc0) returned 0x3 [0143.380] CoGetContextToken (in: pToken=0x85ee338 | out: pToken=0x85ee338) returned 0x0 [0143.380] CoGetContextToken (in: pToken=0x85ee740 | out: pToken=0x85ee740) returned 0x0 [0143.380] WbemDefPath:IUnknown:QueryInterface (in: This=0x8bbca30, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x85ee7d0 | out: ppvObject=0x85ee7d0*=0x0) returned 0x80004002 [0143.380] WbemDefPath:IUnknown:Release (This=0x8bbca30) returned 0x2 [0143.380] WbemDefPath:IUnknown:Release (This=0x8bbca30) returned 0x1 [0143.380] SetEvent (hEvent=0x31c) returned 1 Thread: id = 271 os_tid = 0x34c Thread: id = 272 os_tid = 0x5e8 Thread: id = 273 os_tid = 0x314 Thread: id = 274 os_tid = 0x324 [0140.983] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0140.983] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x8d0f30c | out: lpiid=0x8d0f30c) returned 0x0 [0140.985] CoGetClassObject (in: rclsid=0x570abc*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x7507d1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x8d0f020 | out: ppv=0x8d0f020*=0x8bb0928) returned 0x0 [0141.119] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0928, riid=0x750b0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8d0f238 | out: ppvObject=0x8d0f238*=0x0) returned 0x80004002 [0141.119] WbemLocator:IClassFactory:CreateInstance (in: This=0x8bb0928, pUnkOuter=0x0, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0f24c | out: ppvObject=0x8d0f24c*=0x8bb0b30) returned 0x0 [0141.119] WbemLocator:IUnknown:Release (This=0x8bb0928) returned 0x0 [0141.119] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0b30, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0ee6c | out: ppvObject=0x8d0ee6c*=0x8bb0b30) returned 0x0 [0141.119] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0b30, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8d0ee28 | out: ppvObject=0x8d0ee28*=0x0) returned 0x80004002 [0141.119] WbemLocator:IUnknown:AddRef (This=0x8bb0b30) returned 0x3 [0141.120] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0b30, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8d0e784 | out: ppvObject=0x8d0e784*=0x0) returned 0x80004002 [0141.120] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0b30, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8d0e734 | out: ppvObject=0x8d0e734*=0x0) returned 0x80004002 [0141.120] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0b30, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0e740 | out: ppvObject=0x8d0e740*=0x0) returned 0x80004002 [0141.120] CoGetContextToken (in: pToken=0x8d0e7a0 | out: pToken=0x8d0e7a0) returned 0x0 [0141.121] CoGetObjectContext (in: riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x58b674 | out: ppv=0x58b674*=0x53c478) returned 0x0 [0141.122] CoGetContextToken (in: pToken=0x8d0eba8 | out: pToken=0x8d0eba8) returned 0x0 [0141.123] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0b30, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0ec38 | out: ppvObject=0x8d0ec38*=0x0) returned 0x80004002 [0141.123] WbemLocator:IUnknown:Release (This=0x8bb0b30) returned 0x2 [0141.123] WbemLocator:IUnknown:Release (This=0x8bb0b30) returned 0x1 [0141.124] CoGetContextToken (in: pToken=0x8d0f218 | out: pToken=0x8d0f218) returned 0x0 [0141.124] CoGetContextToken (in: pToken=0x8d0f178 | out: pToken=0x8d0f178) returned 0x0 [0141.124] WbemLocator:IUnknown:QueryInterface (in: This=0x8bb0b30, riid=0x8d0f248*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x8d0f244 | out: ppvObject=0x8d0f244*=0x8bb0b30) returned 0x0 [0141.124] WbemLocator:IUnknown:AddRef (This=0x8bb0b30) returned 0x3 [0141.124] WbemLocator:IUnknown:Release (This=0x8bb0b30) returned 0x2 [0141.129] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x8bb0998, puCount=0x8d0f3dc | out: puCount=0x8d0f3dc*=0x2) returned 0x0 [0141.129] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=8, puBuffLength=0x8d0f3d8*=0x0, pszText=0x0 | out: puBuffLength=0x8d0f3d8*=0xf, pszText=0x0) returned 0x0 [0141.129] WbemDefPath:IWbemPath:GetText (in: This=0x8bb0998, lFlags=8, puBuffLength=0x8d0f3d8*=0xf, pszText="00000000000000" | out: puBuffLength=0x8d0f3d8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0141.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x8d0e660, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0141.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x8d0eb60, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0141.140] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x74540000 [0141.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x8d0eb94, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08¨ØX", lpUsedDefaultChar=0x0) returned 13 [0141.221] GetProcAddress (hModule=0x74540000, lpProcName="ResetSecurity") returned 0x745424de [0141.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x8d0eb94, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0141.235] GetProcAddress (hModule=0x74540000, lpProcName="SetSecurity") returned 0x74542520 [0141.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x8d0eb90, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 18 [0141.248] GetProcAddress (hModule=0x74540000, lpProcName="BlessIWbemServices") returned 0x74541c69 [0141.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x8d0eb88, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 24 [0141.281] GetProcAddress (hModule=0x74540000, lpProcName="BlessIWbemServicesObject") returned 0x74541cbb [0141.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x8d0eb90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 17 [0141.312] GetProcAddress (hModule=0x74540000, lpProcName="GetPropertyHandle") returned 0x745421b4 [0141.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x8d0eb90, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 18 [0141.335] GetProcAddress (hModule=0x74540000, lpProcName="WritePropertyValue") returned 0x74542617 [0141.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8d0eb9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 5 [0141.362] GetProcAddress (hModule=0x74540000, lpProcName="Clone") returned 0x74541d0d [0141.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x8d0eb90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0141.372] GetProcAddress (hModule=0x74540000, lpProcName="VerifyClientKey") returned 0x745425b4 [0141.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x8d0eb90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0141.379] GetProcAddress (hModule=0x74540000, lpProcName="GetQualifierSet") returned 0x74542215 [0141.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x8d0eb9c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0141.381] GetProcAddress (hModule=0x74540000, lpProcName="Get") returned 0x745420d4 [0141.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x8d0eb9c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0141.410] GetProcAddress (hModule=0x74540000, lpProcName="Put") returned 0x745422be [0141.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x8d0eb9c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 6 [0141.434] GetProcAddress (hModule=0x74540000, lpProcName="Delete") returned 0x74541f31 [0141.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x8d0eb98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 8 [0141.450] GetProcAddress (hModule=0x74540000, lpProcName="GetNames") returned 0x74542182 [0141.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x8d0eb90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 16 [0141.480] GetProcAddress (hModule=0x74540000, lpProcName="BeginEnumeration") returned 0x74541c43 [0141.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x8d0eb9c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 4 [0141.489] GetProcAddress (hModule=0x74540000, lpProcName="Next") returned 0x74542283 [0141.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x8d0eb94, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 14 [0141.509] GetProcAddress (hModule=0x74540000, lpProcName="EndEnumeration") returned 0x74541fc2 [0141.519] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x8d0eb88, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0141.519] GetProcAddress (hModule=0x74540000, lpProcName="GetPropertyQualifierSet") returned 0x745421ff [0141.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x8d0eb9c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 5 [0141.537] GetProcAddress (hModule=0x74540000, lpProcName="Clone") returned 0x74541d0d [0141.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x8d0eb94, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 13 [0141.537] GetProcAddress (hModule=0x74540000, lpProcName="GetObjectText") returned 0x7454219e [0141.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x8d0eb90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 17 [0141.553] GetProcAddress (hModule=0x74540000, lpProcName="SpawnDerivedClass") returned 0x74542566 [0141.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x8d0eb94, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 13 [0141.564] GetProcAddress (hModule=0x74540000, lpProcName="SpawnInstance") returned 0x7454257c [0141.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x8d0eb98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 9 [0141.566] GetProcAddress (hModule=0x74540000, lpProcName="CompareTo") returned 0x74541d8d [0141.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x8d0eb90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 17 [0141.577] GetProcAddress (hModule=0x74540000, lpProcName="GetPropertyOrigin") returned 0x745421e9 [0141.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x8d0eb94, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 12 [0141.597] GetProcAddress (hModule=0x74540000, lpProcName="InheritsFrom") returned 0x74542228 [0141.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x8d0eb98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 9 [0141.599] GetProcAddress (hModule=0x74540000, lpProcName="GetMethod") returned 0x7454213a [0141.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x8d0eb98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 9 [0141.614] GetProcAddress (hModule=0x74540000, lpProcName="PutMethod") returned 0x745423da [0141.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x8d0eb94, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 12 [0141.627] GetProcAddress (hModule=0x74540000, lpProcName="DeleteMethod") returned 0x74541f44 [0141.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x8d0eb8c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 22 [0141.630] GetProcAddress (hModule=0x74540000, lpProcName="BeginMethodEnumeration") returned 0x74541c56 [0141.631] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x8d0eb98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 10 [0141.632] GetProcAddress (hModule=0x74540000, lpProcName="NextMethod") returned 0x745422a2 [0141.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x8d0eb8c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 20 [0141.648] GetProcAddress (hModule=0x74540000, lpProcName="EndMethodEnumeration") returned 0x74541fd2 [0141.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x8d0eb8c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 21 [0141.650] GetProcAddress (hModule=0x74540000, lpProcName="GetMethodQualifierSet") returned 0x7454216c [0141.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x8d0eb90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0141.652] GetProcAddress (hModule=0x74540000, lpProcName="GetMethodOrigin") returned 0x74542156 [0141.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x8d0eb90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 16 [0141.653] GetProcAddress (hModule=0x74540000, lpProcName="QualifierSet_Get") returned 0x7454242c [0141.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x8d0eb90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 16 [0141.674] GetProcAddress (hModule=0x74540000, lpProcName="QualifierSet_Put") returned 0x7454247a [0141.690] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x8d0eb8c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0141.690] GetProcAddress (hModule=0x74540000, lpProcName="QualifierSet_Delete") returned 0x74542409 [0141.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x8d0eb84, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 29 [0141.709] GetProcAddress (hModule=0x74540000, lpProcName="QualifierSet_BeginEnumeration") returned 0x745423f6 [0141.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x8d0eb90, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 17 [0141.711] GetProcAddress (hModule=0x74540000, lpProcName="QualifierSet_Next") returned 0x7454245e [0141.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x8d0eb84, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0141.727] GetProcAddress (hModule=0x74540000, lpProcName="QualifierSet_EndEnumeration") returned 0x7454241c [0141.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x8d0eb88, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0141.728] GetProcAddress (hModule=0x74540000, lpProcName="GetCurrentApartmentType") returned 0x74542215 [0141.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x8d0eb8c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 20 [0141.737] GetProcAddress (hModule=0x74540000, lpProcName="GetDemultiplexedStub") returned 0x745420f3 [0141.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x8d0eb8c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 21 [0141.755] GetProcAddress (hModule=0x74540000, lpProcName="CreateInstanceEnumWmi") returned 0x74541ebb [0141.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x8d0eb90, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmietÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 18 [0141.768] GetProcAddress (hModule=0x74540000, lpProcName="CreateClassEnumWmi") returned 0x74541e45 [0141.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x8d0eb94, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1aetÎÛ\x8c¶\x94ÂýtXîÐ\x08", lpUsedDefaultChar=0x0) returned 12 [0141.770] GetProcAddress (hModule=0x74540000, lpProcName="ExecQueryWmi") returned 0x7454205b [0141.786] CoCreateInstance (in: rclsid=0x74541284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x745412e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x8d0f2b4 | out: ppv=0x8d0f2b4*=0x8bb0b40) returned 0x0 [0141.786] WbemLocator:IWbemLocator:ConnectServer (in: This=0x8bb0b40, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x8d0f348 | out: ppNamespace=0x8d0f348*=0x8bbd334) returned 0x0 [0142.981] WbemLocator:IUnknown:QueryInterface (in: This=0x8bbd334, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0f1e4 | out: ppvObject=0x8d0f1e4*=0x594a44) returned 0x0 [0142.981] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x594a44, pProxy=0x8bbd334, pAuthnSvc=0x8d0f234, pAuthzSvc=0x8d0f230, pServerPrincName=0x8d0f228, pAuthnLevel=0x8d0f22c, pImpLevel=0x8d0f21c, pAuthInfo=0x8d0f220, pCapabilites=0x8d0f224 | out: pAuthnSvc=0x8d0f234*=0xa, pAuthzSvc=0x8d0f230*=0x0, pServerPrincName=0x8d0f228, pAuthnLevel=0x8d0f22c*=0x6, pImpLevel=0x8d0f21c*=0x2, pAuthInfo=0x8d0f220, pCapabilites=0x8d0f224*=0x1) returned 0x0 [0142.981] WbemLocator:IUnknown:Release (This=0x594a44) returned 0x1 [0142.981] WbemLocator:IUnknown:QueryInterface (in: This=0x8bbd334, riid=0x745410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0f1d8 | out: ppvObject=0x8d0f1d8*=0x594a64) returned 0x0 [0142.981] WbemLocator:IUnknown:QueryInterface (in: This=0x8bbd334, riid=0x74541104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0f1d4 | out: ppvObject=0x8d0f1d4*=0x594a44) returned 0x0 [0142.982] WbemLocator:IClientSecurity:SetBlanket (This=0x594a44, pProxy=0x8bbd334, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0142.982] WbemLocator:IUnknown:Release (This=0x594a44) returned 0x2 [0142.982] WbemLocator:IUnknown:Release (This=0x594a64) returned 0x1 [0142.982] CoTaskMemFree (pv=0x593f78) [0142.982] WbemLocator:IUnknown:Release (This=0x8bb0b40) returned 0x0 [0142.982] WbemLocator:IUnknown:QueryInterface (in: This=0x8bbd334, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0edd4 | out: ppvObject=0x8d0edd4*=0x594a64) returned 0x0 [0142.982] WbemLocator:IUnknown:QueryInterface (in: This=0x594a64, riid=0x7511fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x8d0ed90 | out: ppvObject=0x8d0ed90*=0x0) returned 0x80004002 [0142.982] WbemLocator:IUnknown:QueryInterface (in: This=0x594a64, riid=0x7511fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x8d0ebac | out: ppvObject=0x8d0ebac*=0x0) returned 0x80004002 [0142.983] WbemLocator:IUnknown:AddRef (This=0x594a64) returned 0x3 [0142.983] WbemLocator:IUnknown:QueryInterface (in: This=0x594a64, riid=0x7511f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x8d0e6ec | out: ppvObject=0x8d0e6ec*=0x0) returned 0x80004002 [0142.983] WbemLocator:IUnknown:QueryInterface (in: This=0x594a64, riid=0x7511f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x8d0e69c | out: ppvObject=0x8d0e69c*=0x0) returned 0x80004002 [0142.983] WbemLocator:IUnknown:QueryInterface (in: This=0x594a64, riid=0x7510c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0e6a8 | out: ppvObject=0x8d0e6a8*=0x5949c4) returned 0x0 [0142.984] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5949c4, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x8d0e6b0 | out: pCid=0x8d0e6b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0142.984] WbemLocator:IUnknown:Release (This=0x5949c4) returned 0x3 [0142.984] CoGetContextToken (in: pToken=0x8d0e708 | out: pToken=0x8d0e708) returned 0x0 [0142.984] CoGetContextToken (in: pToken=0x8d0eb10 | out: pToken=0x8d0eb10) returned 0x0 [0142.984] WbemLocator:IUnknown:QueryInterface (in: This=0x594a64, riid=0x7511fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x8d0eba0 | out: ppvObject=0x8d0eba0*=0x594a4c) returned 0x0 [0143.034] WbemLocator:IRpcOptions:Query (in: This=0x594a4c, pPrx=0x594a64, dwProperty=2, pdwValue=0x8d0ebc8 | out: pdwValue=0x8d0ebc8) returned 0x80004002 [0143.034] WbemLocator:IUnknown:Release (This=0x594a4c) returned 0x3 [0143.034] WbemLocator:IUnknown:Release (This=0x594a64) returned 0x2 [0143.035] CoGetContextToken (in: pToken=0x8d0f0e8 | out: pToken=0x8d0f0e8) returned 0x0 [0143.035] CoGetContextToken (in: pToken=0x8d0f048 | out: pToken=0x8d0f048) returned 0x0 [0143.035] WbemLocator:IUnknown:QueryInterface (in: This=0x594a64, riid=0x8d0f118*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x8d0f114 | out: ppvObject=0x8d0f114*=0x8bbd334) returned 0x0 [0143.035] WbemLocator:IUnknown:AddRef (This=0x8bbd334) returned 0x4 [0143.035] WbemLocator:IUnknown:Release (This=0x8bbd334) returned 0x3 [0143.035] WbemLocator:IUnknown:Release (This=0x8bbd334) returned 0x2 [0143.052] SysStringLen (param_1=0x0) returned 0x0 [0143.053] CoUninitialize () Thread: id = 275 os_tid = 0x310 Thread: id = 276 os_tid = 0x360 [0143.096] CoGetContextToken (in: pToken=0x8d4f4e0 | out: pToken=0x8d4f4e0) returned 0x0 [0143.096] CoGetContextToken (in: pToken=0x8d4f4d0 | out: pToken=0x8d4f4d0) returned 0x0 [0143.097] CoGetMarshalSizeMax (in: pulSize=0x8d4f48c, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x594a64, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x8d4f48c) returned 0x0 [0143.097] CoMarshalInterface (pStm=0x56f500, riid=0x74fee814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x594a64, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 286 os_tid = 0x6b0 Thread: id = 287 os_tid = 0x488 [0165.106] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0165.108] ResetEvent (hEvent=0x368) returned 1 [0269.298] shutdown (s=0x49c, how=2) returned 0 [0269.304] setsockopt (s=0x49c, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0269.304] closesocket (s=0x49c) returned 0 Thread: id = 288 os_tid = 0x638 [0183.822] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0186.161] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0186.547] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0194.015] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0194.513] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0214.116] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0214.350] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0214.658] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0214.979] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0228.983] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0229.362] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0237.092] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0243.860] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 [0249.300] SleepEx (dwMilliseconds=0x1, bAlertable=0) returned 0x0 Thread: id = 296 os_tid = 0x5b4 Thread: id = 299 os_tid = 0x5cc Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1816b000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "9" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d094" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 160 os_tid = 0x524 Thread: id = 161 os_tid = 0x4d4 Thread: id = 162 os_tid = 0x4a8 Thread: id = 163 os_tid = 0x490 Thread: id = 164 os_tid = 0x48c Thread: id = 165 os_tid = 0x484 Thread: id = 166 os_tid = 0x170 Thread: id = 167 os_tid = 0x110 Thread: id = 168 os_tid = 0x3fc Thread: id = 169 os_tid = 0x3f4 Thread: id = 170 os_tid = 0x3e8 Thread: id = 171 os_tid = 0x39c Thread: id = 172 os_tid = 0x398 Thread: id = 173 os_tid = 0x394 Thread: id = 174 os_tid = 0x390 Thread: id = 175 os_tid = 0x37c Thread: id = 176 os_tid = 0x374 Thread: id = 177 os_tid = 0x420 Thread: id = 178 os_tid = 0x41c Thread: id = 179 os_tid = 0x6c4 Thread: id = 180 os_tid = 0x6d0 Thread: id = 181 os_tid = 0x6e8 Thread: id = 182 os_tid = 0x6ec Thread: id = 183 os_tid = 0x6f8 Thread: id = 184 os_tid = 0x6fc Thread: id = 185 os_tid = 0x704 Thread: id = 186 os_tid = 0x70c Thread: id = 187 os_tid = 0x710 Thread: id = 188 os_tid = 0x714 Thread: id = 189 os_tid = 0x720 Thread: id = 190 os_tid = 0x72c Thread: id = 191 os_tid = 0x738 Thread: id = 192 os_tid = 0x740 Thread: id = 193 os_tid = 0x744 Thread: id = 195 os_tid = 0x778 Thread: id = 196 os_tid = 0x77c Thread: id = 197 os_tid = 0x780 Thread: id = 198 os_tid = 0x784 Thread: id = 199 os_tid = 0x794 Thread: id = 217 os_tid = 0x7a0 Thread: id = 218 os_tid = 0x7a4 Thread: id = 219 os_tid = 0x404 Thread: id = 220 os_tid = 0x430 Thread: id = 221 os_tid = 0x460 Thread: id = 222 os_tid = 0x498 Thread: id = 277 os_tid = 0x5ec Thread: id = 300 os_tid = 0x4cc Thread: id = 301 os_tid = 0x4e0 Thread: id = 302 os_tid = 0x4dc Thread: id = 303 os_tid = 0x4ac Thread: id = 304 os_tid = 0x4d0 Thread: id = 305 os_tid = 0x4e4 Thread: id = 306 os_tid = 0x3d4 Thread: id = 307 os_tid = 0x480 Thread: id = 308 os_tid = 0x3a4 Thread: id = 309 os_tid = 0x58c Thread: id = 310 os_tid = 0x328 Thread: id = 311 os_tid = 0x32c Thread: id = 312 os_tid = 0x344 Thread: id = 313 os_tid = 0x57c Thread: id = 317 os_tid = 0x244 Thread: id = 318 os_tid = 0x2a8 Thread: id = 319 os_tid = 0x20c Thread: id = 320 os_tid = 0x2c4 Thread: id = 321 os_tid = 0x10c Thread: id = 322 os_tid = 0x208 Thread: id = 323 os_tid = 0x1c0 Thread: id = 324 os_tid = 0x240 Thread: id = 325 os_tid = 0x520 Thread: id = 326 os_tid = 0x574 Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2b110000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "rpc_server" parent_id = "11" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e5c" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 200 os_tid = 0x700 Thread: id = 201 os_tid = 0x318 Thread: id = 202 os_tid = 0x2a8 Thread: id = 203 os_tid = 0x2a0 Thread: id = 204 os_tid = 0x29c Thread: id = 205 os_tid = 0x284 Thread: id = 206 os_tid = 0x280 Thread: id = 207 os_tid = 0x27c Thread: id = 208 os_tid = 0x278 Thread: id = 209 os_tid = 0x274 Thread: id = 210 os_tid = 0x270 Thread: id = 211 os_tid = 0x268 Thread: id = 212 os_tid = 0x260 Thread: id = 213 os_tid = 0x25c Thread: id = 214 os_tid = 0x254 Thread: id = 215 os_tid = 0x798 Thread: id = 216 os_tid = 0x79c Thread: id = 314 os_tid = 0x608 Thread: id = 316 os_tid = 0x660 Process: id = "13" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x70d92000" os_pid = "0x57c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e2f4" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 226 os_tid = 0x5b8 Thread: id = 227 os_tid = 0x5c8 Thread: id = 228 os_tid = 0x35c Thread: id = 229 os_tid = 0x330 Thread: id = 230 os_tid = 0x340 Thread: id = 231 os_tid = 0x32c Thread: id = 232 os_tid = 0x328 Process: id = "14" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x6324000" os_pid = "0x36c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "13" os_parent_pid = "0x308" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e2f4" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 233 os_tid = 0x468 Thread: id = 234 os_tid = 0x7b8 Thread: id = 235 os_tid = 0x76c Thread: id = 236 os_tid = 0x768 Thread: id = 237 os_tid = 0x750 Thread: id = 238 os_tid = 0x728 Thread: id = 239 os_tid = 0x708 Thread: id = 240 os_tid = 0x6f4 Thread: id = 241 os_tid = 0x6c8 Thread: id = 242 os_tid = 0x618 Thread: id = 243 os_tid = 0x60c Thread: id = 244 os_tid = 0x5b0 Thread: id = 245 os_tid = 0x59c Thread: id = 246 os_tid = 0x598 Thread: id = 247 os_tid = 0x590 Thread: id = 248 os_tid = 0x54c Thread: id = 249 os_tid = 0x4fc Thread: id = 250 os_tid = 0x4e8 Thread: id = 251 os_tid = 0x4bc Thread: id = 252 os_tid = 0x4b8 Thread: id = 253 os_tid = 0x4b4 Thread: id = 254 os_tid = 0x4b0 Thread: id = 255 os_tid = 0x4a0 Thread: id = 256 os_tid = 0x49c Thread: id = 257 os_tid = 0x498 Thread: id = 258 os_tid = 0x494 Thread: id = 259 os_tid = 0x470 Thread: id = 260 os_tid = 0x3d4 Thread: id = 261 os_tid = 0x264 Thread: id = 262 os_tid = 0x11c Thread: id = 263 os_tid = 0x144 Thread: id = 264 os_tid = 0x15c Thread: id = 265 os_tid = 0x128 Thread: id = 266 os_tid = 0x3a0 Thread: id = 267 os_tid = 0x378 Thread: id = 297 os_tid = 0x7bc Thread: id = 315 os_tid = 0x4c0 Process: id = "15" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x5aa08000" os_pid = "0x358" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x670" cmd_line = "\"powershell\" Get-MpPreference -verbose" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e2f4" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 278 os_tid = 0x5e4 [0145.738] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0146.017] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0146.017] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0146.018] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0146.018] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0148.408] GetVersionExW (in: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0148.408] GetLastError () returned 0x2 [0148.409] GetVersionExW (in: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0148.409] GetLastError () returned 0x2 [0148.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0148.419] GetLastError () returned 0x2 [0148.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae8e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0148.496] GetLastError () returned 0x2 [0148.496] GetVersionExW (in: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0148.496] GetLastError () returned 0x2 [0148.497] SetErrorMode (uMode=0x1) returned 0x1 [0148.498] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x2aed68 | out: lpFileInformation=0x2aed68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0148.498] GetLastError () returned 0x2 [0148.498] SetErrorMode (uMode=0x1) returned 0x1 [0148.550] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x2aedec | out: lpdwHandle=0x2aedec) returned 0x94c [0148.644] GetLastError () returned 0x0 [0148.645] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x29e4d48 | out: lpData=0x29e4d48) returned 1 [0148.800] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2aedb8, puLen=0x2aedb4 | out: lplpBuffer=0x2aedb8*=0x29e4de4, puLen=0x2aedb4) returned 1 [0148.802] lstrlenW (lpString="䅁") returned 1 [0149.060] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e4ec0, puLen=0x2aed30) returned 1 [0149.060] lstrlenW (lpString="Microsoft Corporation") returned 21 [0149.062] lstrcpyW (in: lpString1=0x7462f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0149.062] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e4f14, puLen=0x2aed30) returned 1 [0149.062] lstrlenW (lpString="System.Management.Automation") returned 28 [0149.062] lstrcpyW (in: lpString1=0x7462f0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0149.062] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e4f70, puLen=0x2aed30) returned 1 [0149.062] lstrlenW (lpString="6.1.7601.17514") returned 14 [0149.062] lstrcpyW (in: lpString1=0x7462f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0149.062] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e4fb0, puLen=0x2aed30) returned 1 [0149.062] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0149.062] lstrcpyW (in: lpString1=0x7462f0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0149.062] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e5018, puLen=0x2aed30) returned 1 [0149.062] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0149.063] lstrcpyW (in: lpString1=0x7462f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e50b4, puLen=0x2aed30) returned 1 [0149.063] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0149.063] lstrcpyW (in: lpString1=0x7462f0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e5118, puLen=0x2aed30) returned 1 [0149.063] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0149.063] lstrcpyW (in: lpString1=0x7462f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e5194, puLen=0x2aed30) returned 1 [0149.063] lstrlenW (lpString="6.1.7601.17514") returned 14 [0149.063] lstrcpyW (in: lpString1=0x7462f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x29e4e3c, puLen=0x2aed30) returned 1 [0149.063] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0149.063] lstrcpyW (in: lpString1=0x7462f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x0, puLen=0x2aed30) returned 0 [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x0, puLen=0x2aed30) returned 0 [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x2aed34, puLen=0x2aed30 | out: lplpBuffer=0x2aed34*=0x0, puLen=0x2aed30) returned 0 [0149.063] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2aed28, puLen=0x2aed24 | out: lplpBuffer=0x2aed28*=0x29e4de4, puLen=0x2aed24) returned 1 [0149.065] VerLanguageNameW (in: wLang=0x0, szLang=0x7462f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0149.140] VerQueryValueW (in: pBlock=0x29e4d48, lpSubBlock="\\", lplpBuffer=0x2aed3c, puLen=0x2aed38 | out: lplpBuffer=0x2aed3c*=0x29e4d70, puLen=0x2aed38) returned 1 [0149.155] GetCurrentProcessId () returned 0x358 [0150.731] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2ae574 | out: lpLuid=0x2ae574*(LowPart=0x14, HighPart=0)) returned 1 [0150.734] GetLastError () returned 0x0 [0150.736] GetCurrentProcess () returned 0xffffffff [0150.736] GetLastError () returned 0x0 [0150.738] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x2ae570 | out: TokenHandle=0x2ae570*=0x30c) returned 1 [0150.738] GetLastError () returned 0x0 [0150.816] AdjustTokenPrivileges (in: TokenHandle=0x30c, DisableAllPrivileges=0, NewState=0x29e7888*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0150.816] GetLastError () returned 0x0 [0150.819] CloseHandle (hObject=0x30c) returned 1 [0150.819] GetLastError () returned 0x0 [0151.506] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x358) returned 0x30c [0151.507] GetLastError () returned 0x0 [0151.516] EnumProcessModules (in: hProcess=0x30c, lphModule=0x29e78cc, cb=0x100, lpcbNeeded=0x2aed64 | out: lphModule=0x29e78cc, lpcbNeeded=0x2aed64) returned 1 [0151.517] GetLastError () returned 0x0 [0151.521] GetModuleInformation (in: hProcess=0x30c, hModule=0x21d30000, lpmodinfo=0x29e7a0c, cb=0xc | out: lpmodinfo=0x29e7a0c*(lpBaseOfDll=0x21d30000, SizeOfImage=0x72000, EntryPoint=0x21d37363)) returned 1 [0151.521] GetLastError () returned 0x0 [0151.523] GetModuleBaseNameW (in: hProcess=0x30c, hModule=0x21d30000, lpBaseName=0x746ab0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0151.523] GetLastError () returned 0x0 [0151.524] GetModuleFileNameExW (in: hProcess=0x30c, hModule=0x21d30000, lpFilename=0x746ab0, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0151.524] GetLastError () returned 0x0 [0151.525] CloseHandle (hObject=0x30c) returned 1 [0151.525] GetLastError () returned 0x0 [0151.540] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x358) returned 0x30c [0151.540] GetLastError () returned 0x0 [0151.542] GetExitCodeProcess (in: hProcess=0x30c, lpExitCode=0x29e6ebc | out: lpExitCode=0x29e6ebc*=0x103) returned 1 [0151.542] GetLastError () returned 0x0 [0151.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x39e5278, Length=0x20000, ResultLength=0x2aedac | out: SystemInformation=0x39e5278, ResultLength=0x2aedac*=0x7e98) returned 0x0 [0151.809] EnumWindows (lpEnumFunc=0x29a3612, lParam=0x0) returned 1 [0151.811] GetWindowThreadProcessId (in: hWnd=0x200ce, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.812] GetLastError () returned 0x0 [0151.812] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.812] GetLastError () returned 0x0 [0151.812] GetWindowThreadProcessId (in: hWnd=0x200de, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.812] GetLastError () returned 0x0 [0151.812] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.812] GetLastError () returned 0x0 [0151.812] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x750 [0151.812] GetLastError () returned 0x0 [0151.812] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x708 [0151.812] GetLastError () returned 0x0 [0151.812] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x718 [0151.812] GetLastError () returned 0x0 [0151.813] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x718 [0151.813] GetLastError () returned 0x0 [0151.813] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.813] GetLastError () returned 0x0 [0151.813] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.813] GetLastError () returned 0x0 [0151.813] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.813] GetLastError () returned 0x0 [0151.813] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.813] GetLastError () returned 0x0 [0151.813] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.813] GetLastError () returned 0x0 [0151.813] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.813] GetLastError () returned 0x0 [0151.814] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.814] GetLastError () returned 0x0 [0151.814] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.814] GetLastError () returned 0x0 [0151.814] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x378 [0151.814] GetLastError () returned 0x0 [0151.814] GetWindowThreadProcessId (in: hWnd=0x50098, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.814] GetLastError () returned 0x0 [0151.814] GetWindowThreadProcessId (in: hWnd=0x1008e, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.814] GetLastError () returned 0x0 [0151.814] GetWindowThreadProcessId (in: hWnd=0x200e4, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.814] GetLastError () returned 0x0 [0151.814] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x674 [0151.814] GetLastError () returned 0x0 [0151.815] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x674 [0151.815] GetLastError () returned 0x0 [0151.815] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x674 [0151.815] GetLastError () returned 0x0 [0151.815] GetWindowThreadProcessId (in: hWnd=0x10150, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x320 [0151.815] GetLastError () returned 0x0 [0151.815] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.815] GetLastError () returned 0x0 [0151.815] GetWindowThreadProcessId (in: hWnd=0x300ba, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.815] GetLastError () returned 0x0 [0151.815] GetWindowThreadProcessId (in: hWnd=0x300a8, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.815] GetLastError () returned 0x0 [0151.815] GetWindowThreadProcessId (in: hWnd=0x200b6, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.815] GetLastError () returned 0x0 [0151.816] GetWindowThreadProcessId (in: hWnd=0x200be, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.816] GetLastError () returned 0x0 [0151.816] GetWindowThreadProcessId (in: hWnd=0x300c2, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.816] GetLastError () returned 0x0 [0151.816] GetWindowThreadProcessId (in: hWnd=0x700a0, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.816] GetLastError () returned 0x0 [0151.816] GetWindowThreadProcessId (in: hWnd=0x4014a, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x708 [0151.816] GetLastError () returned 0x0 [0151.816] GetWindowThreadProcessId (in: hWnd=0x10148, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x6c8 [0151.816] GetLastError () returned 0x0 [0151.816] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x6f4 [0151.816] GetLastError () returned 0x0 [0151.816] GetWindowThreadProcessId (in: hWnd=0x10128, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x708 [0151.816] GetLastError () returned 0x0 [0151.817] GetWindowThreadProcessId (in: hWnd=0x10116, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x6f4 [0151.817] GetLastError () returned 0x0 [0151.817] GetWindowThreadProcessId (in: hWnd=0x1010e, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x708 [0151.817] GetLastError () returned 0x0 [0151.817] GetWindowThreadProcessId (in: hWnd=0x20022, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x6c8 [0151.817] GetLastError () returned 0x0 [0151.817] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x6c8 [0151.817] GetLastError () returned 0x0 [0151.817] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x560 [0151.817] GetLastError () returned 0x0 [0151.817] GetWindowThreadProcessId (in: hWnd=0x10104, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x4f0 [0151.817] GetLastError () returned 0x0 [0151.817] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x4fc [0151.818] GetLastError () returned 0x0 [0151.818] GetWindowThreadProcessId (in: hWnd=0x200fc, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x378 [0151.818] GetLastError () returned 0x0 [0151.818] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x4bc [0151.818] GetLastError () returned 0x0 [0151.818] GetWindowThreadProcessId (in: hWnd=0x50090, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.818] GetLastError () returned 0x0 [0151.818] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x494 [0151.818] GetLastError () returned 0x0 [0151.818] GetWindowThreadProcessId (in: hWnd=0x20084, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.818] GetLastError () returned 0x0 [0151.818] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.818] GetLastError () returned 0x0 [0151.818] GetWindowThreadProcessId (in: hWnd=0x10068, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.819] GetLastError () returned 0x0 [0151.819] GetWindowThreadProcessId (in: hWnd=0x1013c, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x790 [0151.819] GetLastError () returned 0x0 [0151.819] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x614 [0151.819] GetLastError () returned 0x0 [0151.819] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.819] GetLastError () returned 0x0 [0151.819] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.819] GetLastError () returned 0x0 [0151.819] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x378 [0151.819] GetLastError () returned 0x0 [0151.819] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x378 [0151.819] GetLastError () returned 0x0 [0151.819] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x418 [0151.820] GetLastError () returned 0x0 [0151.820] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x718 [0151.820] GetLastError () returned 0x0 [0151.820] GetWindowThreadProcessId (in: hWnd=0x100ea, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x378 [0151.820] GetLastError () returned 0x0 [0151.820] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x750 [0151.820] GetLastError () returned 0x0 [0151.820] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.820] GetLastError () returned 0x0 [0151.820] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x11c [0151.820] GetLastError () returned 0x0 [0151.820] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x674 [0151.820] GetLastError () returned 0x0 [0151.821] GetWindowThreadProcessId (in: hWnd=0x10152, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x320 [0151.821] GetLastError () returned 0x0 [0151.821] GetWindowThreadProcessId (in: hWnd=0x10118, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x6f4 [0151.821] GetLastError () returned 0x0 [0151.821] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x708 [0151.821] GetLastError () returned 0x0 [0151.821] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x6c8 [0151.821] GetLastError () returned 0x0 [0151.821] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x560 [0151.821] GetLastError () returned 0x0 [0151.821] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x4f0 [0151.821] GetLastError () returned 0x0 [0151.821] GetWindowThreadProcessId (in: hWnd=0x1013e, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x790 [0151.821] GetLastError () returned 0x0 [0151.822] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x614 [0151.822] GetLastError () returned 0x0 [0151.822] GetWindowThreadProcessId (in: hWnd=0x10046, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x378 [0151.822] GetLastError () returned 0x0 [0151.822] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x378 [0151.822] GetLastError () returned 0x0 [0151.822] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0x2aea00 | out: lpdwProcessId=0x2aea00) returned 0x718 [0151.822] GetLastError () returned 0x0 [0151.822] GetLastError () returned 0x0 [0151.904] WerSetFlags () returned 0x0 [0152.056] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0152.058] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x2aeddc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x2aedd8 | out: pulNumLanguages=0x2aeddc, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x2aedd8) returned 1 [0152.058] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x2aeddc, pwszLanguagesBuffer=0x29f81b8, pcchLanguagesBuffer=0x2aedd8 | out: pulNumLanguages=0x2aeddc, pwszLanguagesBuffer=0x29f81b8, pcchLanguagesBuffer=0x2aedd8) returned 1 [0152.069] GetUserDefaultLocaleName (in: lpLocaleName=0x7462f0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0152.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.107] GetLastError () returned 0xcb [0152.111] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.111] GetLastError () returned 0xcb [0152.116] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.116] GetLastError () returned 0xcb [0152.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae84c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.183] GetLastError () returned 0xcb [0152.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae868, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.183] GetLastError () returned 0xcb [0152.183] SetErrorMode (uMode=0x1) returned 0x1 [0152.183] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x2aece8 | out: lpFileInformation=0x2aece8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0152.184] GetLastError () returned 0xcb [0152.184] SetErrorMode (uMode=0x1) returned 0x1 [0152.184] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x2aed6c | out: lpdwHandle=0x2aed6c) returned 0x94c [0152.185] GetLastError () returned 0x0 [0152.185] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x29fa6e8 | out: lpData=0x29fa6e8) returned 1 [0152.185] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2aed38, puLen=0x2aed34 | out: lplpBuffer=0x2aed38*=0x29fa784, puLen=0x2aed34) returned 1 [0152.185] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29fa860, puLen=0x2aecb0) returned 1 [0152.185] lstrlenW (lpString="Microsoft Corporation") returned 21 [0152.185] lstrcpyW (in: lpString1=0x7462f0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0152.186] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29fa8b4, puLen=0x2aecb0) returned 1 [0152.186] lstrlenW (lpString="System.Management.Automation") returned 28 [0152.186] lstrcpyW (in: lpString1=0x7462f0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0152.186] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29fa910, puLen=0x2aecb0) returned 1 [0152.186] lstrlenW (lpString="6.1.7601.17514") returned 14 [0152.186] lstrcpyW (in: lpString1=0x7462f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0152.186] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29fa950, puLen=0x2aecb0) returned 1 [0152.186] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0152.186] lstrcpyW (in: lpString1=0x7462f0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0152.186] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29fa9b8, puLen=0x2aecb0) returned 1 [0152.186] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0152.186] lstrcpyW (in: lpString1=0x7462f0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0152.186] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29faa54, puLen=0x2aecb0) returned 1 [0152.186] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0152.186] lstrcpyW (in: lpString1=0x7462f0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0152.186] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29faab8, puLen=0x2aecb0) returned 1 [0152.186] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0152.186] lstrcpyW (in: lpString1=0x7462f0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0152.186] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29fab34, puLen=0x2aecb0) returned 1 [0152.187] lstrlenW (lpString="6.1.7601.17514") returned 14 [0152.187] lstrcpyW (in: lpString1=0x7462f0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0152.187] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x29fa7dc, puLen=0x2aecb0) returned 1 [0152.187] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0152.187] lstrcpyW (in: lpString1=0x7462f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0152.187] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x0, puLen=0x2aecb0) returned 0 [0152.187] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x0, puLen=0x2aecb0) returned 0 [0152.187] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x2aecb4, puLen=0x2aecb0 | out: lplpBuffer=0x2aecb4*=0x0, puLen=0x2aecb0) returned 0 [0152.187] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x2aeca8, puLen=0x2aeca4 | out: lplpBuffer=0x2aeca8*=0x29fa784, puLen=0x2aeca4) returned 1 [0152.187] VerLanguageNameW (in: wLang=0x0, szLang=0x7462f0, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0152.187] VerQueryValueW (in: pBlock=0x29fa6e8, lpSubBlock="\\", lplpBuffer=0x2aecbc, puLen=0x2aecb8 | out: lplpBuffer=0x2aecbc*=0x29fa710, puLen=0x2aecb8) returned 1 [0152.194] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.194] GetLastError () returned 0xcb [0152.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.200] GetLastError () returned 0xcb [0152.204] lstrlenW (lpString="䅁") returned 1 [0152.207] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aec80 | out: phkResult=0x2aec80*=0x324) returned 0x0 [0152.208] RegOpenKeyExW (in: hKey=0x324, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aec84 | out: phkResult=0x2aec84*=0x328) returned 0x0 [0152.208] RegOpenKeyExW (in: hKey=0x328, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aecb8 | out: phkResult=0x2aecb8*=0x32c) returned 0x0 [0152.210] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aecf8, lpData=0x0, lpcbData=0x2aecf4*=0x0 | out: lpType=0x2aecf8*=0x1, lpData=0x0, lpcbData=0x2aecf4*=0x56) returned 0x0 [0152.211] RegQueryValueExW (in: hKey=0x32c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aecf8, lpData=0x7462f0, lpcbData=0x2aecf4*=0x56 | out: lpType=0x2aecf8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2aecf4*=0x56) returned 0x0 [0152.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.214] GetLastError () returned 0x0 [0152.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.216] GetLastError () returned 0x0 [0152.224] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.224] GetLastError () returned 0x0 [0152.242] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.242] GetLastError () returned 0xcb [0152.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0152.704] GetLastError () returned 0x2 [0152.704] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0152.704] GetLastError () returned 0x2 [0152.862] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.862] GetLastError () returned 0xcb [0152.863] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.863] GetLastError () returned 0xcb [0152.894] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.894] GetLastError () returned 0xcb [0152.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.895] GetLastError () returned 0xcb [0152.895] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.895] GetLastError () returned 0xcb [0153.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0153.177] GetLastError () returned 0x0 [0153.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0153.178] GetLastError () returned 0x0 [0153.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.207] GetLastError () returned 0xcb [0153.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.210] GetLastError () returned 0xcb [0153.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.279] GetLastError () returned 0x7e [0153.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.279] GetLastError () returned 0x7e [0153.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0153.985] GetLastError () returned 0x2 [0153.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0153.985] GetLastError () returned 0x2 [0154.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.075] GetLastError () returned 0x57 [0154.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.075] GetLastError () returned 0x57 [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0154.264] GetLastError () returned 0x2 [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0154.264] GetLastError () returned 0x2 [0154.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0154.486] GetLastError () returned 0x2 [0154.487] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ae7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0154.487] GetLastError () returned 0x2 [0154.537] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.537] GetLastError () returned 0xcb [0154.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae888, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.537] GetLastError () returned 0xcb [0154.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.538] GetLastError () returned 0xcb [0154.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.538] GetLastError () returned 0xcb [0154.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.552] GetLastError () returned 0xcb [0154.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x2ae7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0154.626] GetLastError () returned 0x2 [0154.626] SetErrorMode (uMode=0x1) returned 0x1 [0154.626] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x2aec74 | out: lpFileInformation=0x2aec74*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.626] GetLastError () returned 0x2 [0154.626] SetErrorMode (uMode=0x1) returned 0x1 [0154.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae888, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.833] GetLastError () returned 0x0 [0154.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.833] GetLastError () returned 0x0 [0154.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae838, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.834] GetLastError () returned 0x0 [0154.838] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.838] GetLastError () returned 0xcb [0154.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.841] GetLastError () returned 0xcb [0154.841] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.841] GetLastError () returned 0xcb [0154.846] CoCreateGuid (in: pguid=0x2aed54 | out: pguid=0x2aed54*(Data1=0xd78903c, Data2=0x28cc, Data3=0x4cea, Data4=([0]=0xae, [1]=0x6e, [2]=0x83, [3]=0x7, [4]=0x29, [5]=0x78, [6]=0x71, [7]=0xed))) returned 0x0 [0154.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.851] GetLastError () returned 0xcb [0154.853] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.853] GetLastError () returned 0xcb [0154.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.855] GetLastError () returned 0xcb [0154.864] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0154.864] GetLastError () returned 0x0 [0154.866] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x2aec34 | out: lpConsoleScreenBufferInfo=0x2aec34) returned 1 [0154.867] GetLastError () returned 0x0 [0154.871] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0154.872] GetLastError () returned 0x0 [0154.872] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x2aec34 | out: lpConsoleScreenBufferInfo=0x2aec34) returned 1 [0154.872] GetLastError () returned 0x0 [0154.873] GetVersionExW (in: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x746308*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0154.873] GetLastError () returned 0x0 [0154.874] GetCurrentProcess () returned 0xffffffff [0154.874] GetLastError () returned 0x3f0 [0154.875] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2aec44 | out: TokenHandle=0x2aec44*=0x348) returned 1 [0154.875] GetLastError () returned 0x3f0 [0154.879] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x2aec9c | out: TokenInformation=0x0, ReturnLength=0x2aec9c) returned 0 [0154.879] GetLastError () returned 0x7a [0154.880] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x723fe8 [0154.880] GetLastError () returned 0x7a [0154.880] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x723fe8, TokenInformationLength=0x4, ReturnLength=0x2aec9c | out: TokenInformation=0x723fe8, ReturnLength=0x2aec9c) returned 1 [0154.880] GetLastError () returned 0x7a [0154.883] DuplicateTokenEx (in: hExistingToken=0x348, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x2aec54 | out: phNewToken=0x2aec54*=0x340) returned 1 [0154.883] GetLastError () returned 0x7f [0154.883] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x2aec9c | out: TokenInformation=0x0, ReturnLength=0x2aec9c) returned 0 [0154.883] GetLastError () returned 0x7a [0154.883] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x723fc8 [0154.883] GetLastError () returned 0x7a [0154.883] GetTokenInformation (in: TokenHandle=0x348, TokenInformationClass=0x8, TokenInformation=0x723fc8, TokenInformationLength=0x4, ReturnLength=0x2aec9c | out: TokenInformation=0x723fc8, ReturnLength=0x2aec9c) returned 1 [0154.883] GetLastError () returned 0x7a [0154.884] CheckTokenMembership (in: TokenHandle=0x340, SidToCheck=0x2a7d55c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x2aec30 | out: IsMember=0x2aec30) returned 1 [0154.884] GetLastError () returned 0x7a [0154.884] CloseHandle (hObject=0x340) returned 1 [0154.884] GetLastError () returned 0x7a [0154.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.884] GetLastError () returned 0x7a [0154.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.884] GetLastError () returned 0x7a [0154.884] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.885] GetLastError () returned 0x7a [0154.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.885] GetLastError () returned 0x7a [0154.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae744, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.919] GetLastError () returned 0x7a [0154.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.919] GetLastError () returned 0x7a [0154.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.919] GetLastError () returned 0x7a [0154.928] GetConsoleTitleW (in: lpConsoleTitle=0x746ab0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0154.928] GetLastError () returned 0x7a [0154.951] GetConsoleTitleW (in: lpConsoleTitle=0x746ab0, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0154.951] GetLastError () returned 0x7a [0154.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae73c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.952] GetLastError () returned 0x7a [0154.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.952] GetLastError () returned 0x7a [0154.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.952] GetLastError () returned 0x7a [0154.957] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1 [0154.957] GetLastError () returned 0x7a [0154.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.957] GetLastError () returned 0x7a [0154.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.957] GetLastError () returned 0x7a [0154.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.957] GetLastError () returned 0x7a [0154.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.957] GetLastError () returned 0x7a [0154.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.998] GetLastError () returned 0x7a [0154.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.998] GetLastError () returned 0x7a [0154.998] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0154.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae774, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0154.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0154.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0154.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0154.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0154.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0154.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae738, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0154.999] GetLastError () returned 0x7a [0155.064] SetConsoleCtrlHandler (HandlerRoutine=0x29a384a, Add=1) returned 1 [0155.064] GetLastError () returned 0x7a [0155.088] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340 [0155.088] GetLastError () returned 0x0 [0155.090] CoCreateGuid (in: pguid=0x2aec68 | out: pguid=0x2aec68*(Data1=0xc5c96a1f, Data2=0x5505, Data3=0x4d91, Data4=([0]=0x9a, [1]=0xc4, [2]=0xc8, [3]=0x78, [4]=0xa7, [5]=0x4c, [6]=0x25, [7]=0x55))) returned 0x0 [0155.123] WinSqmIsOptedIn () returned 0x0 [0155.125] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.125] GetLastError () returned 0xcb [0155.131] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.131] GetLastError () returned 0xcb [0155.132] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.132] GetLastError () returned 0xcb [0155.134] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.134] GetLastError () returned 0xcb [0155.135] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.135] GetLastError () returned 0xcb [0155.143] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.143] GetLastError () returned 0xcb [0155.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.144] GetLastError () returned 0xcb [0155.144] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.144] GetLastError () returned 0xcb [0155.147] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.147] GetLastError () returned 0xcb [0155.158] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.158] GetLastError () returned 0xcb [0155.160] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.160] GetLastError () returned 0xcb [0155.161] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.161] GetLastError () returned 0xcb [0155.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.723] GetLastError () returned 0xcb [0155.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.723] GetLastError () returned 0xcb [0155.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.723] GetLastError () returned 0xcb [0155.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.723] GetLastError () returned 0xcb [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.782] GetLastError () returned 0x3 [0155.782] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.783] GetLastError () returned 0x3 [0155.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.783] GetLastError () returned 0x3 [0155.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.783] GetLastError () returned 0x3 [0155.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae470, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.783] GetLastError () returned 0x3 [0155.786] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0155.786] GetLastError () returned 0x3 [0155.789] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x7462f0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0155.789] GetLastError () returned 0x3 [0155.789] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aea80 | out: phkResult=0x2aea80*=0x34c) returned 0x0 [0155.789] RegQueryValueExW (in: hKey=0x34c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x2aeac4, lpData=0x0, lpcbData=0x2aeac0*=0x0 | out: lpType=0x2aeac4*=0x2, lpData=0x0, lpcbData=0x2aeac0*=0x6c) returned 0x0 [0155.791] RegQueryValueExW (in: hKey=0x34c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x2aeac4, lpData=0x7462f0, lpcbData=0x2aeac0*=0x6c | out: lpType=0x2aeac4*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x2aeac0*=0x6c) returned 0x0 [0155.791] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x7462f0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0155.791] GetLastError () returned 0x3 [0155.791] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x7462f0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0155.791] GetLastError () returned 0x3 [0155.791] RegCloseKey (hKey=0x34c) returned 0x0 [0155.792] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x7462f0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0155.792] GetLastError () returned 0x3 [0155.792] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aea80 | out: phkResult=0x2aea80*=0x34c) returned 0x0 [0155.792] RegQueryValueExW (in: hKey=0x34c, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x2aeac4, lpData=0x0, lpcbData=0x2aeac0*=0x0 | out: lpType=0x2aeac4*=0x0, lpData=0x0, lpcbData=0x2aeac0*=0x0) returned 0x2 [0155.792] RegCloseKey (hKey=0x34c) returned 0x0 [0155.861] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x7462f0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0155.863] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x2ae5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0155.863] GetLastError () returned 0x3f0 [0155.864] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0155.864] GetLastError () returned 0x3f0 [0155.874] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.874] GetLastError () returned 0xcb [0155.875] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.875] GetLastError () returned 0xcb [0155.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.886] GetLastError () returned 0xcb [0155.886] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.886] GetLastError () returned 0xcb [0155.892] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aea00 | out: phkResult=0x2aea00*=0x358) returned 0x0 [0155.894] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x2aea68, lpData=0x0, lpcbData=0x2aea64*=0x0 | out: lpType=0x2aea68*=0x1, lpData=0x0, lpcbData=0x2aea64*=0x74) returned 0x0 [0155.895] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x2aea48, lpData=0x0, lpcbData=0x2aea44*=0x0 | out: lpType=0x2aea48*=0x1, lpData=0x0, lpcbData=0x2aea44*=0x74) returned 0x0 [0155.895] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x2aea48, lpData=0x7462f0, lpcbData=0x2aea44*=0x74 | out: lpType=0x2aea48*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x2aea44*=0x74) returned 0x0 [0155.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x2ae5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0155.895] GetLastError () returned 0xcb [0155.895] SetErrorMode (uMode=0x1) returned 0x1 [0155.896] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x2aea48 | out: lpFileInformation=0x2aea48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.896] GetLastError () returned 0xcb [0155.896] SetErrorMode (uMode=0x1) returned 0x1 [0155.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0155.900] GetLastError () returned 0xcb [0155.900] SetErrorMode (uMode=0x1) returned 0x1 [0155.900] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea3c | out: lpFileInformation=0x2aea3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0155.901] GetLastError () returned 0xcb [0155.901] SetErrorMode (uMode=0x1) returned 0x1 [0155.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0155.904] GetLastError () returned 0xcb [0155.904] SetErrorMode (uMode=0x1) returned 0x1 [0155.904] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea3c | out: lpFileInformation=0x2aea3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0155.906] GetLastError () returned 0xcb [0155.906] SetErrorMode (uMode=0x1) returned 0x1 [0155.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.912] GetLastError () returned 0xcb [0155.914] GetACP () returned 0x4e4 [0155.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0155.925] GetLastError () returned 0xcb [0155.925] SetErrorMode (uMode=0x1) returned 0x1 [0155.927] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0155.927] GetLastError () returned 0x0 [0155.928] GetFileType (hFile=0x35c) returned 0x1 [0155.928] SetErrorMode (uMode=0x1) returned 0x1 [0155.928] GetFileType (hFile=0x35c) returned 0x1 [0155.929] ReadFile (in: hFile=0x35c, lpBuffer=0x2adcd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2adcd48*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0155.931] GetLastError () returned 0x0 [0155.932] ReadFile (in: hFile=0x35c, lpBuffer=0x2adcd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2adcd48*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0155.933] GetLastError () returned 0x0 [0155.933] ReadFile (in: hFile=0x35c, lpBuffer=0x2adcd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2adcd48*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0155.933] GetLastError () returned 0x0 [0155.933] ReadFile (in: hFile=0x35c, lpBuffer=0x2adcd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2adcd48*, lpNumberOfBytesRead=0x2ae9b4*=0xcf3, lpOverlapped=0x0) returned 1 [0155.933] GetLastError () returned 0x0 [0155.933] ReadFile (in: hFile=0x35c, lpBuffer=0x2adc1db, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2adc1db*, lpNumberOfBytesRead=0x2ae9b4*=0x0, lpOverlapped=0x0) returned 1 [0155.933] GetLastError () returned 0x0 [0155.933] ReadFile (in: hFile=0x35c, lpBuffer=0x2adcd48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2adcd48*, lpNumberOfBytesRead=0x2ae9b4*=0x0, lpOverlapped=0x0) returned 1 [0155.933] GetLastError () returned 0x0 [0155.935] CloseHandle (hObject=0x35c) returned 1 [0155.935] GetLastError () returned 0x0 [0155.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0155.936] GetLastError () returned 0x0 [0155.936] SetErrorMode (uMode=0x1) returned 0x1 [0155.936] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aee0bc | out: lpFileInformation=0x2aee0bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0155.936] GetLastError () returned 0x0 [0155.936] SetErrorMode (uMode=0x1) returned 0x1 [0156.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0156.000] GetLastError () returned 0x0 [0156.000] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae938 | out: phkResult=0x2ae938*=0x35c) returned 0x0 [0156.000] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae980, lpData=0x0, lpcbData=0x2ae97c*=0x0 | out: lpType=0x2ae980*=0x1, lpData=0x0, lpcbData=0x2ae97c*=0x56) returned 0x0 [0156.000] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae980, lpData=0x7462f0, lpcbData=0x2ae97c*=0x56 | out: lpType=0x2ae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae97c*=0x56) returned 0x0 [0156.001] RegCloseKey (hKey=0x35c) returned 0x0 [0156.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0156.001] GetLastError () returned 0x0 [0156.001] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0156.001] GetLastError () returned 0x0 [0156.059] GetSystemInfo (in: lpSystemInfo=0x2ae0b8 | out: lpSystemInfo=0x2ae0b8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0156.061] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.092] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0156.092] GetLastError () returned 0x0 [0156.092] SetErrorMode (uMode=0x1) returned 0x1 [0156.092] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0156.092] GetLastError () returned 0x0 [0156.092] GetFileType (hFile=0x35c) returned 0x1 [0156.092] SetErrorMode (uMode=0x1) returned 0x1 [0156.092] GetFileType (hFile=0x35c) returned 0x1 [0156.092] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.094] GetLastError () returned 0x0 [0156.094] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.095] GetLastError () returned 0x0 [0156.096] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.096] GetLastError () returned 0x0 [0156.096] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.096] GetLastError () returned 0x0 [0156.096] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.096] GetLastError () returned 0x0 [0156.097] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.097] GetLastError () returned 0x0 [0156.097] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.097] GetLastError () returned 0x0 [0156.097] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.098] GetLastError () returned 0x0 [0156.098] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.098] GetLastError () returned 0x0 [0156.099] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.099] GetLastError () returned 0x0 [0156.099] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.099] GetLastError () returned 0x0 [0156.099] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.099] GetLastError () returned 0x0 [0156.099] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.099] GetLastError () returned 0x0 [0156.099] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.099] GetLastError () returned 0x0 [0156.100] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.100] GetLastError () returned 0x0 [0156.100] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.100] GetLastError () returned 0x0 [0156.100] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.100] GetLastError () returned 0x0 [0156.102] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.102] GetLastError () returned 0x0 [0156.102] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.102] GetLastError () returned 0x0 [0156.103] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.103] GetLastError () returned 0x0 [0156.103] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.103] GetLastError () returned 0x0 [0156.103] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.103] GetLastError () returned 0x0 [0156.103] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.103] GetLastError () returned 0x0 [0156.104] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.104] GetLastError () returned 0x0 [0156.104] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.104] GetLastError () returned 0x0 [0156.104] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.104] GetLastError () returned 0x0 [0156.104] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.104] GetLastError () returned 0x0 [0156.104] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.104] GetLastError () returned 0x0 [0156.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.105] GetLastError () returned 0x0 [0156.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.105] GetLastError () returned 0x0 [0156.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.105] GetLastError () returned 0x0 [0156.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.105] GetLastError () returned 0x0 [0156.105] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.105] GetLastError () returned 0x0 [0156.114] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.114] GetLastError () returned 0x0 [0156.114] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.114] GetLastError () returned 0x0 [0156.114] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.114] GetLastError () returned 0x0 [0156.115] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.115] GetLastError () returned 0x0 [0156.115] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.115] GetLastError () returned 0x0 [0156.115] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.115] GetLastError () returned 0x0 [0156.115] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.115] GetLastError () returned 0x0 [0156.115] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.116] GetLastError () returned 0x0 [0156.116] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x1b4, lpOverlapped=0x0) returned 1 [0156.116] GetLastError () returned 0x0 [0156.116] ReadFile (in: hFile=0x35c, lpBuffer=0x2b224d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae9b4, lpOverlapped=0x0 | out: lpBuffer=0x2b224d8*, lpNumberOfBytesRead=0x2ae9b4*=0x0, lpOverlapped=0x0) returned 1 [0156.116] GetLastError () returned 0x0 [0156.116] CloseHandle (hObject=0x35c) returned 1 [0156.116] GetLastError () returned 0x0 [0156.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0156.116] GetLastError () returned 0x0 [0156.116] SetErrorMode (uMode=0x1) returned 0x1 [0156.116] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2b42d68 | out: lpFileInformation=0x2b42d68*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0156.116] GetLastError () returned 0x0 [0156.116] SetErrorMode (uMode=0x1) returned 0x1 [0156.116] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0156.116] GetLastError () returned 0x0 [0156.117] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae938 | out: phkResult=0x2ae938*=0x35c) returned 0x0 [0156.117] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae980, lpData=0x0, lpcbData=0x2ae97c*=0x0 | out: lpType=0x2ae980*=0x1, lpData=0x0, lpcbData=0x2ae97c*=0x56) returned 0x0 [0156.117] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae980, lpData=0x7462f0, lpcbData=0x2ae97c*=0x56 | out: lpType=0x2ae980*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae97c*=0x56) returned 0x0 [0156.117] RegCloseKey (hKey=0x35c) returned 0x0 [0156.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0156.117] GetLastError () returned 0x0 [0156.117] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae474, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0156.117] GetLastError () returned 0x0 [0156.354] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.367] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.369] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.369] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.370] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.370] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.371] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.374] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.390] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.391] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.391] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.391] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.392] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.392] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.393] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.393] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.400] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.410] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.410] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.412] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.412] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.413] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.414] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.414] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.414] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.415] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.415] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.416] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.416] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.416] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.419] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.423] VirtualQuery (in: lpAddress=0x2ad878, lpBuffer=0x2ae878, dwLength=0x1c | out: lpBuffer=0x2ae878*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.423] VirtualQuery (in: lpAddress=0x2ad878, lpBuffer=0x2ae878, dwLength=0x1c | out: lpBuffer=0x2ae878*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.423] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.425] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.493] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.493] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.494] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.500] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.500] GetLastError () returned 0xcb [0156.504] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.513] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.513] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.513] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.513] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.515] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.515] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.518] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.520] VirtualQuery (in: lpAddress=0x2ad874, lpBuffer=0x2ae874, dwLength=0x1c | out: lpBuffer=0x2ae874*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.527] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae9fc | out: phkResult=0x2ae9fc*=0x358) returned 0x0 [0156.528] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x2aea64, lpData=0x0, lpcbData=0x2aea60*=0x0 | out: lpType=0x2aea64*=0x1, lpData=0x0, lpcbData=0x2aea60*=0x74) returned 0x0 [0156.528] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x2aea44, lpData=0x0, lpcbData=0x2aea40*=0x0 | out: lpType=0x2aea44*=0x1, lpData=0x0, lpcbData=0x2aea40*=0x74) returned 0x0 [0156.528] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0x2aea44, lpData=0x7462f0, lpcbData=0x2aea40*=0x74 | out: lpType=0x2aea44*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x2aea40*=0x74) returned 0x0 [0156.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x2ae5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0156.528] GetLastError () returned 0xcb [0156.528] SetErrorMode (uMode=0x1) returned 0x1 [0156.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x2aea44 | out: lpFileInformation=0x2aea44*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0156.528] GetLastError () returned 0xcb [0156.528] SetErrorMode (uMode=0x1) returned 0x1 [0156.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.532] GetLastError () returned 0xcb [0156.532] SetErrorMode (uMode=0x1) returned 0x1 [0156.532] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0156.533] GetLastError () returned 0xcb [0156.533] SetErrorMode (uMode=0x1) returned 0x1 [0156.533] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0156.533] GetLastError () returned 0xcb [0156.533] SetErrorMode (uMode=0x1) returned 0x1 [0156.533] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0156.534] GetLastError () returned 0xcb [0156.534] SetErrorMode (uMode=0x1) returned 0x1 [0156.534] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.534] GetLastError () returned 0xcb [0156.534] SetErrorMode (uMode=0x1) returned 0x1 [0156.534] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0156.535] GetLastError () returned 0xcb [0156.535] SetErrorMode (uMode=0x1) returned 0x1 [0156.535] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.535] GetLastError () returned 0xcb [0156.536] SetErrorMode (uMode=0x1) returned 0x1 [0156.536] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0156.536] GetLastError () returned 0xcb [0156.536] SetErrorMode (uMode=0x1) returned 0x1 [0156.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0156.536] GetLastError () returned 0xcb [0156.536] SetErrorMode (uMode=0x1) returned 0x1 [0156.536] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0156.536] GetLastError () returned 0xcb [0156.536] SetErrorMode (uMode=0x1) returned 0x1 [0156.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0156.537] GetLastError () returned 0xcb [0156.537] SetErrorMode (uMode=0x1) returned 0x1 [0156.537] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0156.537] GetLastError () returned 0xcb [0156.537] SetErrorMode (uMode=0x1) returned 0x1 [0156.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0156.537] GetLastError () returned 0xcb [0156.537] SetErrorMode (uMode=0x1) returned 0x1 [0156.537] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0156.537] GetLastError () returned 0xcb [0156.537] SetErrorMode (uMode=0x1) returned 0x1 [0156.538] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0156.538] GetLastError () returned 0xcb [0156.538] SetErrorMode (uMode=0x1) returned 0x1 [0156.538] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0156.539] GetLastError () returned 0xcb [0156.539] SetErrorMode (uMode=0x1) returned 0x1 [0156.539] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0156.539] GetLastError () returned 0xcb [0156.539] SetErrorMode (uMode=0x1) returned 0x1 [0156.539] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2aea38 | out: lpFileInformation=0x2aea38*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0156.539] GetLastError () returned 0xcb [0156.539] SetErrorMode (uMode=0x1) returned 0x1 [0156.540] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.540] GetLastError () returned 0xcb [0156.554] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.554] GetLastError () returned 0xcb [0156.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.555] GetLastError () returned 0xcb [0156.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.557] GetLastError () returned 0xcb [0156.557] SetErrorMode (uMode=0x1) returned 0x1 [0156.557] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0156.557] GetLastError () returned 0x0 [0156.557] GetFileType (hFile=0x324) returned 0x1 [0156.558] SetErrorMode (uMode=0x1) returned 0x1 [0156.558] GetFileType (hFile=0x324) returned 0x1 [0156.558] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.560] GetLastError () returned 0x0 [0156.623] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.624] GetLastError () returned 0x0 [0156.624] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.624] GetLastError () returned 0x0 [0156.624] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.624] GetLastError () returned 0x0 [0156.624] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.625] GetLastError () returned 0x0 [0156.625] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.625] GetLastError () returned 0x0 [0156.625] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x9e2, lpOverlapped=0x0) returned 1 [0156.625] GetLastError () returned 0x0 [0156.625] ReadFile (in: hFile=0x324, lpBuffer=0x2deda96, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2deda96*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.625] GetLastError () returned 0x0 [0156.625] ReadFile (in: hFile=0x324, lpBuffer=0x2dee514, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2dee514*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.625] GetLastError () returned 0x0 [0156.625] CloseHandle (hObject=0x324) returned 1 [0156.625] GetLastError () returned 0x0 [0156.625] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.626] GetLastError () returned 0x0 [0156.626] SetErrorMode (uMode=0x1) returned 0x1 [0156.626] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2dff5d0 | out: lpFileInformation=0x2dff5d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0156.626] GetLastError () returned 0x0 [0156.626] SetErrorMode (uMode=0x1) returned 0x1 [0156.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.626] GetLastError () returned 0x0 [0156.626] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0156.626] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.627] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.627] RegCloseKey (hKey=0x324) returned 0x0 [0156.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.627] GetLastError () returned 0x0 [0156.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.627] GetLastError () returned 0x0 [0156.651] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x7048454e, Data2=0xe74f, Data3=0x4fca, Data4=([0]=0xa9, [1]=0x98, [2]=0xab, [3]=0xc9, [4]=0xa7, [5]=0xc4, [6]=0x25, [7]=0xd3))) returned 0x0 [0156.676] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x68fd9f81, Data2=0x8e9c, Data3=0x420a, Data4=([0]=0x8a, [1]=0xf4, [2]=0x30, [3]=0xa8, [4]=0x60, [5]=0x97, [6]=0xff, [7]=0x80))) returned 0x0 [0156.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0156.678] GetLastError () returned 0x0 [0156.678] SetErrorMode (uMode=0x1) returned 0x1 [0156.678] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0156.678] GetLastError () returned 0x0 [0156.678] GetFileType (hFile=0x324) returned 0x1 [0156.678] SetErrorMode (uMode=0x1) returned 0x1 [0156.678] GetFileType (hFile=0x324) returned 0x1 [0156.679] ReadFile (in: hFile=0x324, lpBuffer=0x2e128b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e128b8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.681] GetLastError () returned 0x0 [0156.682] ReadFile (in: hFile=0x324, lpBuffer=0x2e128b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e128b8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.682] GetLastError () returned 0x0 [0156.682] ReadFile (in: hFile=0x324, lpBuffer=0x2e128b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e128b8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.682] GetLastError () returned 0x0 [0156.683] ReadFile (in: hFile=0x324, lpBuffer=0x2e128b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e128b8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.683] GetLastError () returned 0x0 [0156.683] ReadFile (in: hFile=0x324, lpBuffer=0x2e128b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e128b8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.683] GetLastError () returned 0x0 [0156.684] ReadFile (in: hFile=0x324, lpBuffer=0x2e128b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e128b8*, lpNumberOfBytesRead=0x2ae8b4*=0xfb2, lpOverlapped=0x0) returned 1 [0156.684] GetLastError () returned 0x0 [0156.684] ReadFile (in: hFile=0x324, lpBuffer=0x2e1200a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e1200a*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.684] GetLastError () returned 0x0 [0156.684] ReadFile (in: hFile=0x324, lpBuffer=0x2e128b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e128b8*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.685] GetLastError () returned 0x0 [0156.685] CloseHandle (hObject=0x324) returned 1 [0156.685] GetLastError () returned 0x0 [0156.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0156.685] GetLastError () returned 0x0 [0156.685] SetErrorMode (uMode=0x1) returned 0x1 [0156.685] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e33148 | out: lpFileInformation=0x2e33148*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0156.685] GetLastError () returned 0x0 [0156.685] SetErrorMode (uMode=0x1) returned 0x1 [0156.685] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0156.685] GetLastError () returned 0x0 [0156.685] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0156.686] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.686] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.686] RegCloseKey (hKey=0x324) returned 0x0 [0156.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0156.686] GetLastError () returned 0x0 [0156.686] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0156.686] GetLastError () returned 0x0 [0156.688] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x3e4f9a44, Data2=0xda42, Data3=0x464c, Data4=([0]=0x93, [1]=0xc9, [2]=0xdb, [3]=0xe6, [4]=0x3a, [5]=0xf1, [6]=0xd8, [7]=0x5e))) returned 0x0 [0156.697] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x587fe93a, Data2=0xbf03, Data3=0x444f, Data4=([0]=0x84, [1]=0xbf, [2]=0xfd, [3]=0xa9, [4]=0x58, [5]=0x97, [6]=0x5d, [7]=0xd9))) returned 0x0 [0156.749] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x6eba414a, Data2=0xb48c, Data3=0x4e93, Data4=([0]=0xa9, [1]=0x1, [2]=0xbb, [3]=0x27, [4]=0xd4, [5]=0xba, [6]=0xe6, [7]=0x2b))) returned 0x0 [0156.749] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xa3916b7c, Data2=0xad93, Data3=0x4905, Data4=([0]=0xaf, [1]=0xda, [2]=0xaf, [3]=0xfe, [4]=0xd7, [5]=0xc2, [6]=0x68, [7]=0x8))) returned 0x0 [0156.749] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xef7ec1a7, Data2=0xcce6, Data3=0x46f5, Data4=([0]=0xa1, [1]=0xff, [2]=0xdf, [3]=0xf6, [4]=0xe8, [5]=0xc7, [6]=0x70, [7]=0x36))) returned 0x0 [0156.749] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x1bb61fbe, Data2=0xc5b9, Data3=0x4dd2, Data4=([0]=0x96, [1]=0x29, [2]=0xfb, [3]=0xd1, [4]=0xac, [5]=0xf5, [6]=0xc9, [7]=0xeb))) returned 0x0 [0156.750] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.750] GetLastError () returned 0x0 [0156.750] SetErrorMode (uMode=0x1) returned 0x1 [0156.750] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0156.750] GetLastError () returned 0x0 [0156.750] GetFileType (hFile=0x324) returned 0x1 [0156.750] SetErrorMode (uMode=0x1) returned 0x1 [0156.750] GetFileType (hFile=0x324) returned 0x1 [0156.751] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.753] GetLastError () returned 0x0 [0156.754] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.754] GetLastError () returned 0x0 [0156.755] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.755] GetLastError () returned 0x0 [0156.755] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.755] GetLastError () returned 0x0 [0156.756] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.756] GetLastError () returned 0x0 [0156.756] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.756] GetLastError () returned 0x0 [0156.756] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0xaca, lpOverlapped=0x0) returned 1 [0156.756] GetLastError () returned 0x0 [0156.756] ReadFile (in: hFile=0x324, lpBuffer=0x2e5215a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e5215a*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.756] GetLastError () returned 0x0 [0156.756] ReadFile (in: hFile=0x324, lpBuffer=0x2e52af0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2e52af0*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.756] GetLastError () returned 0x0 [0156.757] CloseHandle (hObject=0x324) returned 1 [0156.757] GetLastError () returned 0x0 [0156.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.757] GetLastError () returned 0x0 [0156.757] SetErrorMode (uMode=0x1) returned 0x1 [0156.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e73aec | out: lpFileInformation=0x2e73aec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0156.757] GetLastError () returned 0x0 [0156.757] SetErrorMode (uMode=0x1) returned 0x1 [0156.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.757] GetLastError () returned 0x0 [0156.757] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0156.758] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.758] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.758] RegCloseKey (hKey=0x324) returned 0x0 [0156.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.758] GetLastError () returned 0x0 [0156.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.758] GetLastError () returned 0x0 [0156.777] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0156.777] GetLastError () returned 0x0 [0156.779] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0156.779] GetLastError () returned 0x57 [0156.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0156.790] GetLastError () returned 0x57 [0156.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.797] GetLastError () returned 0x57 [0156.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0156.799] GetLastError () returned 0x57 [0156.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0156.811] GetLastError () returned 0x57 [0156.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0156.818] GetLastError () returned 0x57 [0156.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0156.820] GetLastError () returned 0x57 [0156.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0156.832] GetLastError () returned 0x57 [0156.838] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0156.838] GetLastError () returned 0x57 [0156.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0156.839] GetLastError () returned 0x57 [0156.840] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0156.840] GetLastError () returned 0x57 [0156.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0156.841] GetLastError () returned 0x57 [0156.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0156.841] GetLastError () returned 0x57 [0156.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0156.844] GetLastError () returned 0x57 [0156.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0156.845] GetLastError () returned 0x57 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0156.845] GetLastError () returned 0x57 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0156.845] GetLastError () returned 0x57 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.845] GetLastError () returned 0x57 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.845] GetLastError () returned 0x57 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.845] GetLastError () returned 0x57 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.845] GetLastError () returned 0x57 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.845] GetLastError () returned 0x57 [0156.869] VirtualQuery (in: lpAddress=0x2ad590, lpBuffer=0x2ae590, dwLength=0x1c | out: lpBuffer=0x2ae590*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.872] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xfcf752c0, Data2=0xd2cf, Data3=0x43d9, Data4=([0]=0x89, [1]=0xa1, [2]=0xe8, [3]=0x65, [4]=0x79, [5]=0x66, [6]=0xf3, [7]=0x67))) returned 0x0 [0156.873] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xd9f0da86, Data2=0x28e8, Data3=0x43b9, Data4=([0]=0xa4, [1]=0x9f, [2]=0xdf, [3]=0xba, [4]=0x8a, [5]=0xa4, [6]=0x72, [7]=0x77))) returned 0x0 [0156.873] VirtualQuery (in: lpAddress=0x2ad608, lpBuffer=0x2ae608, dwLength=0x1c | out: lpBuffer=0x2ae608*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.873] VirtualQuery (in: lpAddress=0x2ad608, lpBuffer=0x2ae608, dwLength=0x1c | out: lpBuffer=0x2ae608*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.873] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x6d77d2ad, Data2=0x163e, Data3=0x4a67, Data4=([0]=0x8b, [1]=0x34, [2]=0x17, [3]=0xd1, [4]=0xdf, [5]=0x4e, [6]=0x45, [7]=0x12))) returned 0x0 [0156.878] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc153991e, Data2=0xca92, Data3=0x4da1, Data4=([0]=0xa8, [1]=0x15, [2]=0x9b, [3]=0xe6, [4]=0x1e, [5]=0x9c, [6]=0xeb, [7]=0x54))) returned 0x0 [0156.878] VirtualQuery (in: lpAddress=0x2ad734, lpBuffer=0x2ae734, dwLength=0x1c | out: lpBuffer=0x2ae734*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.878] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.879] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.879] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x23b296bf, Data2=0x283d, Data3=0x4ec7, Data4=([0]=0xa5, [1]=0xfd, [2]=0xb8, [3]=0x61, [4]=0xb9, [5]=0x9f, [6]=0xe7, [7]=0xa6))) returned 0x0 [0156.879] VirtualQuery (in: lpAddress=0x2ad734, lpBuffer=0x2ae734, dwLength=0x1c | out: lpBuffer=0x2ae734*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.879] VirtualQuery (in: lpAddress=0x2ad64c, lpBuffer=0x2ae64c, dwLength=0x1c | out: lpBuffer=0x2ae64c*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.880] VirtualQuery (in: lpAddress=0x2ad300, lpBuffer=0x2ae300, dwLength=0x1c | out: lpBuffer=0x2ae300*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.880] VirtualQuery (in: lpAddress=0x2ad300, lpBuffer=0x2ae300, dwLength=0x1c | out: lpBuffer=0x2ae300*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.880] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x8afd7bee, Data2=0xa15, Data3=0x4ef5, Data4=([0]=0xa0, [1]=0x95, [2]=0x9e, [3]=0xd5, [4]=0x23, [5]=0xad, [6]=0x21, [7]=0xec))) returned 0x0 [0156.880] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x2337e7f7, Data2=0x8664, Data3=0x4541, Data4=([0]=0xac, [1]=0x7e, [2]=0xca, [3]=0x20, [4]=0xe4, [5]=0x5b, [6]=0x2c, [7]=0x30))) returned 0x0 [0156.881] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.881] GetLastError () returned 0x57 [0156.881] SetErrorMode (uMode=0x1) returned 0x1 [0156.881] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0156.881] GetLastError () returned 0x0 [0156.881] GetFileType (hFile=0x324) returned 0x1 [0156.881] SetErrorMode (uMode=0x1) returned 0x1 [0156.881] GetFileType (hFile=0x324) returned 0x1 [0156.881] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.883] GetLastError () returned 0x0 [0156.883] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.884] GetLastError () returned 0x0 [0156.885] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.885] GetLastError () returned 0x0 [0156.885] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.885] GetLastError () returned 0x0 [0156.886] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.886] GetLastError () returned 0x0 [0156.886] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.886] GetLastError () returned 0x0 [0156.886] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.886] GetLastError () returned 0x0 [0156.886] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.887] GetLastError () returned 0x0 [0156.888] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.888] GetLastError () returned 0x0 [0156.888] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.888] GetLastError () returned 0x0 [0156.888] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.888] GetLastError () returned 0x0 [0156.888] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.888] GetLastError () returned 0x0 [0156.888] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.888] GetLastError () returned 0x0 [0156.888] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.888] GetLastError () returned 0x0 [0156.889] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.889] GetLastError () returned 0x0 [0156.889] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.889] GetLastError () returned 0x0 [0156.891] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.891] GetLastError () returned 0x0 [0156.891] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0xbce, lpOverlapped=0x0) returned 1 [0156.891] GetLastError () returned 0x0 [0156.892] ReadFile (in: hFile=0x324, lpBuffer=0x2ed835a, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed835a*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.892] GetLastError () returned 0x0 [0156.892] ReadFile (in: hFile=0x324, lpBuffer=0x2ed8bec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2ed8bec*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.892] GetLastError () returned 0x0 [0156.892] CloseHandle (hObject=0x324) returned 1 [0156.892] GetLastError () returned 0x0 [0156.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.892] GetLastError () returned 0x0 [0156.892] SetErrorMode (uMode=0x1) returned 0x1 [0156.892] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ef9be8 | out: lpFileInformation=0x2ef9be8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0156.892] GetLastError () returned 0x0 [0156.892] SetErrorMode (uMode=0x1) returned 0x1 [0156.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.892] GetLastError () returned 0x0 [0156.893] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0156.893] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.893] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.893] RegCloseKey (hKey=0x324) returned 0x0 [0156.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.893] GetLastError () returned 0x0 [0156.893] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0156.893] GetLastError () returned 0x0 [0156.897] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xce6d3f93, Data2=0xda91, Data3=0x456b, Data4=([0]=0x94, [1]=0xea, [2]=0x3a, [3]=0x27, [4]=0x80, [5]=0x26, [6]=0x32, [7]=0x4))) returned 0x0 [0156.897] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf6c9a2e9, Data2=0x920d, Data3=0x4905, Data4=([0]=0xba, [1]=0xed, [2]=0xfc, [3]=0x66, [4]=0xb, [5]=0xfc, [6]=0x9a, [7]=0xa7))) returned 0x0 [0156.898] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x74658e36, Data2=0xbc72, Data3=0x449d, Data4=([0]=0x99, [1]=0x14, [2]=0xc9, [3]=0xd9, [4]=0xca, [5]=0xf4, [6]=0xbb, [7]=0xf2))) returned 0x0 [0156.898] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xa2bef183, Data2=0xfa75, Data3=0x4be0, Data4=([0]=0x9a, [1]=0x45, [2]=0x33, [3]=0xed, [4]=0xf1, [5]=0x87, [6]=0x10, [7]=0x4a))) returned 0x0 [0156.898] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x5dbac9d8, Data2=0xf3dd, Data3=0x4013, Data4=([0]=0xbc, [1]=0x26, [2]=0xf6, [3]=0xdf, [4]=0x55, [5]=0xc6, [6]=0x60, [7]=0x5a))) returned 0x0 [0156.898] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x8dff5dcc, Data2=0x3471, Data3=0x4c95, Data4=([0]=0xa4, [1]=0x29, [2]=0x77, [3]=0xee, [4]=0x25, [5]=0x6a, [6]=0x25, [7]=0xbd))) returned 0x0 [0156.899] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.899] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x851ea17d, Data2=0x4234, Data3=0x4d09, Data4=([0]=0x95, [1]=0xa1, [2]=0x17, [3]=0xbe, [4]=0x67, [5]=0x13, [6]=0xb4, [7]=0xeb))) returned 0x0 [0156.899] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.900] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.900] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xec801e0b, Data2=0xff82, Data3=0x401a, Data4=([0]=0xa9, [1]=0x3b, [2]=0x42, [3]=0x3d, [4]=0x23, [5]=0xca, [6]=0xcf, [7]=0x4f))) returned 0x0 [0156.900] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x23e4373, Data2=0x45fc, Data3=0x42bf, Data4=([0]=0x80, [1]=0xa1, [2]=0x1f, [3]=0x8a, [4]=0xee, [5]=0x20, [6]=0xf7, [7]=0x33))) returned 0x0 [0156.900] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xd6346a5d, Data2=0x116f, Data3=0x45a4, Data4=([0]=0x9a, [1]=0x68, [2]=0x2b, [3]=0x33, [4]=0x44, [5]=0xe6, [6]=0x27, [7]=0x21))) returned 0x0 [0156.901] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x9ab8fbb0, Data2=0x6acb, Data3=0x4d69, Data4=([0]=0x9a, [1]=0xf2, [2]=0xe5, [3]=0x86, [4]=0xa, [5]=0xd5, [6]=0x23, [7]=0x34))) returned 0x0 [0156.901] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.901] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xaea7b85, Data2=0x2722, Data3=0x4c60, Data4=([0]=0xb9, [1]=0x98, [2]=0xfe, [3]=0x38, [4]=0xed, [5]=0xdb, [6]=0xaf, [7]=0x60))) returned 0x0 [0156.901] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.902] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.902] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.903] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.903] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.904] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x965fc536, Data2=0xbfbc, Data3=0x4c06, Data4=([0]=0x8d, [1]=0x59, [2]=0xc4, [3]=0xf7, [4]=0xce, [5]=0x1e, [6]=0x4, [7]=0x4e))) returned 0x0 [0156.904] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xb248d886, Data2=0x4fe3, Data3=0x4d38, Data4=([0]=0xa2, [1]=0x4a, [2]=0x2d, [3]=0xe6, [4]=0x88, [5]=0x4e, [6]=0xe, [7]=0xc0))) returned 0x0 [0156.904] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x62bd17a7, Data2=0x2c4, Data3=0x4087, Data4=([0]=0xb0, [1]=0xbc, [2]=0x88, [3]=0xbf, [4]=0x7, [5]=0x48, [6]=0x11, [7]=0x7b))) returned 0x0 [0156.904] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xef94eb10, Data2=0x9d7d, Data3=0x4837, Data4=([0]=0x80, [1]=0x1d, [2]=0xbe, [3]=0x9f, [4]=0x6f, [5]=0xea, [6]=0x5a, [7]=0xa8))) returned 0x0 [0156.904] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x478c39ac, Data2=0x4e81, Data3=0x4858, Data4=([0]=0x94, [1]=0x12, [2]=0xb3, [3]=0x23, [4]=0xc9, [5]=0x5b, [6]=0x59, [7]=0x1))) returned 0x0 [0156.905] VirtualQuery (in: lpAddress=0x2ad734, lpBuffer=0x2ae734, dwLength=0x1c | out: lpBuffer=0x2ae734*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.905] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x654ede0, Data2=0xa032, Data3=0x4e72, Data4=([0]=0xa4, [1]=0x48, [2]=0xfb, [3]=0x5c, [4]=0xc6, [5]=0x83, [6]=0x1e, [7]=0x4))) returned 0x0 [0156.905] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x8d4ab51e, Data2=0xfbd, Data3=0x44af, Data4=([0]=0x80, [1]=0x26, [2]=0x6c, [3]=0x78, [4]=0xa5, [5]=0x97, [6]=0xe2, [7]=0xe0))) returned 0x0 [0156.905] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xcfb1497e, Data2=0x1cd0, Data3=0x4ae1, Data4=([0]=0x8b, [1]=0x92, [2]=0x68, [3]=0x36, [4]=0x41, [5]=0xe, [6]=0x74, [7]=0xd8))) returned 0x0 [0156.906] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xcd00e1d8, Data2=0x94af, Data3=0x480c, Data4=([0]=0x8f, [1]=0x8, [2]=0x7d, [3]=0xf, [4]=0x82, [5]=0xd3, [6]=0x67, [7]=0x59))) returned 0x0 [0156.906] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xdf0b9115, Data2=0x647b, Data3=0x451b, Data4=([0]=0xb7, [1]=0xc6, [2]=0xba, [3]=0xa9, [4]=0xe8, [5]=0x46, [6]=0x5e, [7]=0xc3))) returned 0x0 [0156.906] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x484bc976, Data2=0xea9b, Data3=0x47f7, Data4=([0]=0xbb, [1]=0x15, [2]=0x47, [3]=0x34, [4]=0x17, [5]=0x31, [6]=0xc3, [7]=0x9))) returned 0x0 [0156.906] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x513faafd, Data2=0xa7b9, Data3=0x4bb2, Data4=([0]=0xba, [1]=0x46, [2]=0x72, [3]=0xe4, [4]=0x51, [5]=0x60, [6]=0x18, [7]=0xae))) returned 0x0 [0156.906] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xee1af05, Data2=0xe63d, Data3=0x4a60, Data4=([0]=0xb4, [1]=0x39, [2]=0x13, [3]=0xf2, [4]=0x8f, [5]=0xac, [6]=0xf6, [7]=0x46))) returned 0x0 [0156.907] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x9b6dca1, Data2=0xd8c, Data3=0x4a66, Data4=([0]=0xb2, [1]=0x9d, [2]=0xa6, [3]=0xdb, [4]=0xef, [5]=0x35, [6]=0xe4, [7]=0xf))) returned 0x0 [0156.907] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf34748d2, Data2=0x8e33, Data3=0x49de, Data4=([0]=0xa3, [1]=0x31, [2]=0xed, [3]=0xc3, [4]=0x38, [5]=0x84, [6]=0x5, [7]=0x1f))) returned 0x0 [0156.907] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x32d18ff7, Data2=0x2068, Data3=0x4602, Data4=([0]=0x8b, [1]=0x67, [2]=0x89, [3]=0xe2, [4]=0x74, [5]=0x49, [6]=0x4, [7]=0x6a))) returned 0x0 [0156.907] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xec723098, Data2=0xedf4, Data3=0x4c93, Data4=([0]=0x87, [1]=0xff, [2]=0x68, [3]=0x72, [4]=0xfe, [5]=0xf9, [6]=0xee, [7]=0x84))) returned 0x0 [0156.907] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x52a9cd83, Data2=0x305b, Data3=0x4a93, Data4=([0]=0x8a, [1]=0xc1, [2]=0x4e, [3]=0x98, [4]=0x6f, [5]=0xe7, [6]=0x8d, [7]=0x7e))) returned 0x0 [0156.907] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x96090d08, Data2=0xecd8, Data3=0x45f4, Data4=([0]=0x87, [1]=0x44, [2]=0x27, [3]=0x19, [4]=0x4c, [5]=0x27, [6]=0xad, [7]=0xc4))) returned 0x0 [0156.908] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc035b020, Data2=0x8d8b, Data3=0x48b4, Data4=([0]=0xa9, [1]=0x1, [2]=0xb6, [3]=0xcc, [4]=0x51, [5]=0xff, [6]=0xe1, [7]=0xa5))) returned 0x0 [0156.908] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xbbc2f672, Data2=0x9caf, Data3=0x4988, Data4=([0]=0xa2, [1]=0xff, [2]=0x3e, [3]=0x24, [4]=0xda, [5]=0x24, [6]=0x53, [7]=0x17))) returned 0x0 [0156.908] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x19654e81, Data2=0x7f62, Data3=0x4fdc, Data4=([0]=0xbe, [1]=0x73, [2]=0x6c, [3]=0xfe, [4]=0xbc, [5]=0xea, [6]=0xb1, [7]=0xa0))) returned 0x0 [0156.908] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x7b159a81, Data2=0x5e52, Data3=0x4e4f, Data4=([0]=0xab, [1]=0xdf, [2]=0x54, [3]=0x99, [4]=0x3a, [5]=0x70, [6]=0x75, [7]=0xa4))) returned 0x0 [0156.908] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xda6d5f97, Data2=0xad2b, Data3=0x44e9, Data4=([0]=0xb6, [1]=0x66, [2]=0x5d, [3]=0xf, [4]=0xa3, [5]=0xd0, [6]=0xa2, [7]=0xd6))) returned 0x0 [0156.909] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.909] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.911] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.913] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x2e724861, Data2=0xe15c, Data3=0x477f, Data4=([0]=0x83, [1]=0x54, [2]=0xba, [3]=0x66, [4]=0xbb, [5]=0x5c, [6]=0xe4, [7]=0x24))) returned 0x0 [0156.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0156.913] GetLastError () returned 0x0 [0156.913] SetErrorMode (uMode=0x1) returned 0x1 [0156.914] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0156.914] GetLastError () returned 0x0 [0156.914] GetFileType (hFile=0x324) returned 0x1 [0156.914] SetErrorMode (uMode=0x1) returned 0x1 [0156.914] GetFileType (hFile=0x324) returned 0x1 [0156.914] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.965] GetLastError () returned 0x0 [0156.965] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.966] GetLastError () returned 0x0 [0156.966] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.966] GetLastError () returned 0x0 [0156.966] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.966] GetLastError () returned 0x0 [0156.967] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.967] GetLastError () returned 0x0 [0156.967] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0156.967] GetLastError () returned 0x0 [0156.967] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x119, lpOverlapped=0x0) returned 1 [0156.967] GetLastError () returned 0x0 [0156.967] ReadFile (in: hFile=0x324, lpBuffer=0x2f96ad4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f96ad4*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0156.967] GetLastError () returned 0x0 [0156.967] CloseHandle (hObject=0x324) returned 1 [0156.968] GetLastError () returned 0x0 [0156.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0156.968] GetLastError () returned 0x0 [0156.968] SetErrorMode (uMode=0x1) returned 0x1 [0156.968] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fb7ad0 | out: lpFileInformation=0x2fb7ad0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0156.968] GetLastError () returned 0x0 [0156.968] SetErrorMode (uMode=0x1) returned 0x1 [0156.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0156.968] GetLastError () returned 0x0 [0156.968] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0156.968] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.968] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0156.969] RegCloseKey (hKey=0x324) returned 0x0 [0156.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0156.969] GetLastError () returned 0x0 [0156.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0156.969] GetLastError () returned 0x0 [0156.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.970] GetLastError () returned 0x0 [0156.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.970] GetLastError () returned 0x0 [0156.970] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae090, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.970] GetLastError () returned 0x0 [0156.970] VirtualQuery (in: lpAddress=0x2ad590, lpBuffer=0x2ae590, dwLength=0x1c | out: lpBuffer=0x2ae590*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.970] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xfca6d104, Data2=0xedb4, Data3=0x44b0, Data4=([0]=0x89, [1]=0x9d, [2]=0x8, [3]=0xe2, [4]=0xc3, [5]=0x42, [6]=0xb6, [7]=0x40))) returned 0x0 [0156.970] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.971] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x4f66dcd0, Data2=0x9ee8, Data3=0x4a56, Data4=([0]=0x8b, [1]=0xa, [2]=0x6e, [3]=0x6f, [4]=0x8f, [5]=0x70, [6]=0x46, [7]=0xfe))) returned 0x0 [0156.971] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xa77dfa10, Data2=0xb378, Data3=0x4cfb, Data4=([0]=0xab, [1]=0x8a, [2]=0xa9, [3]=0xa7, [4]=0x27, [5]=0x8d, [6]=0x1, [7]=0x22))) returned 0x0 [0156.971] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xec006b0d, Data2=0x5a86, Data3=0x4985, Data4=([0]=0xba, [1]=0xcc, [2]=0xc4, [3]=0x48, [4]=0xf2, [5]=0xe3, [6]=0xc5, [7]=0x0))) returned 0x0 [0156.971] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.971] VirtualQuery (in: lpAddress=0x2ad5e0, lpBuffer=0x2ae5e0, dwLength=0x1c | out: lpBuffer=0x2ae5e0*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.971] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae34c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0156.971] GetLastError () returned 0x0 [0156.971] SetErrorMode (uMode=0x1) returned 0x1 [0156.972] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0156.972] GetLastError () returned 0x0 [0156.972] GetFileType (hFile=0x324) returned 0x1 [0156.972] SetErrorMode (uMode=0x1) returned 0x1 [0156.972] GetFileType (hFile=0x324) returned 0x1 [0156.972] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.027] GetLastError () returned 0x0 [0157.029] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.029] GetLastError () returned 0x0 [0157.029] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.029] GetLastError () returned 0x0 [0157.030] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.030] GetLastError () returned 0x0 [0157.030] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.030] GetLastError () returned 0x0 [0157.030] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.030] GetLastError () returned 0x0 [0157.031] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.031] GetLastError () returned 0x0 [0157.031] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.031] GetLastError () returned 0x0 [0157.032] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.032] GetLastError () returned 0x0 [0157.032] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.032] GetLastError () returned 0x0 [0157.032] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.032] GetLastError () returned 0x0 [0157.033] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.033] GetLastError () returned 0x0 [0157.033] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.033] GetLastError () returned 0x0 [0157.033] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.033] GetLastError () returned 0x0 [0157.033] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.034] GetLastError () returned 0x0 [0157.035] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.035] GetLastError () returned 0x0 [0157.037] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.037] GetLastError () returned 0x0 [0157.037] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.038] GetLastError () returned 0x0 [0157.038] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.038] GetLastError () returned 0x0 [0157.038] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.038] GetLastError () returned 0x0 [0157.038] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.038] GetLastError () returned 0x0 [0157.039] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.039] GetLastError () returned 0x0 [0157.039] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.039] GetLastError () returned 0x0 [0157.039] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.039] GetLastError () returned 0x0 [0157.039] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.039] GetLastError () returned 0x0 [0157.040] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.040] GetLastError () returned 0x0 [0157.040] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.040] GetLastError () returned 0x0 [0157.040] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.040] GetLastError () returned 0x0 [0157.040] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.040] GetLastError () returned 0x0 [0157.041] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.041] GetLastError () returned 0x0 [0157.041] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.041] GetLastError () returned 0x0 [0157.041] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.041] GetLastError () returned 0x0 [0157.046] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.046] GetLastError () returned 0x0 [0157.046] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.047] GetLastError () returned 0x0 [0157.047] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.047] GetLastError () returned 0x0 [0157.047] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.047] GetLastError () returned 0x0 [0157.047] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.047] GetLastError () returned 0x0 [0157.047] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.048] GetLastError () returned 0x0 [0157.048] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.048] GetLastError () returned 0x0 [0157.048] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.048] GetLastError () returned 0x0 [0157.048] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.048] GetLastError () returned 0x0 [0157.048] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.049] GetLastError () returned 0x0 [0157.049] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.049] GetLastError () returned 0x0 [0157.049] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.049] GetLastError () returned 0x0 [0157.049] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.049] GetLastError () returned 0x0 [0157.049] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.049] GetLastError () returned 0x0 [0157.049] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.050] GetLastError () returned 0x0 [0157.050] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.050] GetLastError () returned 0x0 [0157.050] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.050] GetLastError () returned 0x0 [0157.050] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.050] GetLastError () returned 0x0 [0157.050] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.050] GetLastError () returned 0x0 [0157.050] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.051] GetLastError () returned 0x0 [0157.051] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.051] GetLastError () returned 0x0 [0157.051] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.051] GetLastError () returned 0x0 [0157.051] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.051] GetLastError () returned 0x0 [0157.051] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.051] GetLastError () returned 0x0 [0157.051] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.051] GetLastError () returned 0x0 [0157.052] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.052] GetLastError () returned 0x0 [0157.052] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.052] GetLastError () returned 0x0 [0157.052] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.052] GetLastError () returned 0x0 [0157.052] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.052] GetLastError () returned 0x0 [0157.052] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.052] GetLastError () returned 0x0 [0157.052] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0xf37, lpOverlapped=0x0) returned 1 [0157.053] GetLastError () returned 0x0 [0157.053] ReadFile (in: hFile=0x324, lpBuffer=0x2fe01cf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe01cf*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.053] GetLastError () returned 0x0 [0157.053] ReadFile (in: hFile=0x324, lpBuffer=0x2fe0af8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x2fe0af8*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.053] GetLastError () returned 0x0 [0157.053] CloseHandle (hObject=0x324) returned 1 [0157.053] GetLastError () returned 0x0 [0157.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae414, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0157.053] GetLastError () returned 0x0 [0157.053] SetErrorMode (uMode=0x1) returned 0x1 [0157.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x3001af4 | out: lpFileInformation=0x3001af4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0157.053] GetLastError () returned 0x0 [0157.053] SetErrorMode (uMode=0x1) returned 0x1 [0157.053] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0157.053] GetLastError () returned 0x0 [0157.054] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0157.054] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.054] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.054] RegCloseKey (hKey=0x324) returned 0x0 [0157.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0157.054] GetLastError () returned 0x0 [0157.055] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x2ae374, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0157.055] GetLastError () returned 0x0 [0157.067] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x2f49a0ac, Data2=0x5559, Data3=0x45a4, Data4=([0]=0xa1, [1]=0x4d, [2]=0xdd, [3]=0xe3, [4]=0x23, [5]=0xd, [6]=0xc1, [7]=0x4a))) returned 0x0 [0157.067] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x10f417a7, Data2=0xb7b4, Data3=0x4839, Data4=([0]=0x89, [1]=0x2b, [2]=0x2d, [3]=0x53, [4]=0x39, [5]=0xe2, [6]=0xd0, [7]=0xa5))) returned 0x0 [0157.067] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.068] GetLastError () returned 0x0 [0157.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.068] GetLastError () returned 0x0 [0157.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.068] GetLastError () returned 0x0 [0157.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.068] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xadd8783, Data2=0xe117, Data3=0x4ec5, Data4=([0]=0x8a, [1]=0xd3, [2]=0x68, [3]=0xc7, [4]=0x58, [5]=0x6f, [6]=0x67, [7]=0x24))) returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.108] GetLastError () returned 0x0 [0157.108] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.109] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.109] GetLastError () returned 0x0 [0157.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.110] GetLastError () returned 0x0 [0157.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.110] GetLastError () returned 0x0 [0157.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.110] GetLastError () returned 0x0 [0157.111] VirtualQuery (in: lpAddress=0x2ad1f4, lpBuffer=0x2ae1f4, dwLength=0x1c | out: lpBuffer=0x2ae1f4*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.111] VirtualQuery (in: lpAddress=0x2ad230, lpBuffer=0x2ae230, dwLength=0x1c | out: lpBuffer=0x2ae230*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.111] GetLastError () returned 0x0 [0157.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.112] GetLastError () returned 0x0 [0157.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.112] GetLastError () returned 0x0 [0157.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.112] GetLastError () returned 0x0 [0157.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.112] GetLastError () returned 0x0 [0157.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.112] GetLastError () returned 0x0 [0157.112] VirtualQuery (in: lpAddress=0x2ad560, lpBuffer=0x2ae560, dwLength=0x1c | out: lpBuffer=0x2ae560*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.112] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.112] GetLastError () returned 0x0 [0157.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.113] GetLastError () returned 0x0 [0157.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.113] GetLastError () returned 0x0 [0157.113] VirtualQuery (in: lpAddress=0x2ad560, lpBuffer=0x2ae560, dwLength=0x1c | out: lpBuffer=0x2ae560*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.113] GetLastError () returned 0x0 [0157.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.113] GetLastError () returned 0x0 [0157.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.113] GetLastError () returned 0x0 [0157.113] VirtualQuery (in: lpAddress=0x2ad560, lpBuffer=0x2ae560, dwLength=0x1c | out: lpBuffer=0x2ae560*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.114] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.114] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.115] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.115] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.116] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.116] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.116] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.116] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.116] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.116] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.118] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.118] VirtualQuery (in: lpAddress=0x2ad39c, lpBuffer=0x2ae39c, dwLength=0x1c | out: lpBuffer=0x2ae39c*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.118] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.119] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.119] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.119] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.120] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x38277ad4, Data2=0x99b1, Data3=0x425f, Data4=([0]=0x9a, [1]=0x6, [2]=0x51, [3]=0x3a, [4]=0x12, [5]=0xcb, [6]=0x95, [7]=0x6b))) returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.120] GetLastError () returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.120] GetLastError () returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.120] GetLastError () returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.120] GetLastError () returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.120] GetLastError () returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.120] GetLastError () returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.120] GetLastError () returned 0x0 [0157.120] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.121] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.121] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.122] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.122] GetLastError () returned 0x0 [0157.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.123] GetLastError () returned 0x0 [0157.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.123] GetLastError () returned 0x0 [0157.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.123] GetLastError () returned 0x0 [0157.123] VirtualQuery (in: lpAddress=0x2ad560, lpBuffer=0x2ae560, dwLength=0x1c | out: lpBuffer=0x2ae560*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.123] GetLastError () returned 0x0 [0157.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.123] GetLastError () returned 0x0 [0157.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.123] GetLastError () returned 0x0 [0157.124] VirtualQuery (in: lpAddress=0x2ad560, lpBuffer=0x2ae560, dwLength=0x1c | out: lpBuffer=0x2ae560*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.124] GetLastError () returned 0x0 [0157.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.124] GetLastError () returned 0x0 [0157.124] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.124] GetLastError () returned 0x0 [0157.124] VirtualQuery (in: lpAddress=0x2ad560, lpBuffer=0x2ae560, dwLength=0x1c | out: lpBuffer=0x2ae560*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.124] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.125] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.126] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.126] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.126] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.126] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.127] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.127] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.127] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.127] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.128] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.128] VirtualQuery (in: lpAddress=0x2ad39c, lpBuffer=0x2ae39c, dwLength=0x1c | out: lpBuffer=0x2ae39c*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.128] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.129] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.129] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.130] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.130] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x3a191da3, Data2=0x76c4, Data3=0x4983, Data4=([0]=0xb8, [1]=0xee, [2]=0xe7, [3]=0x5f, [4]=0xcc, [5]=0xea, [6]=0xb, [7]=0x42))) returned 0x0 [0157.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.130] GetLastError () returned 0x0 [0157.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.130] GetLastError () returned 0x0 [0157.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.130] GetLastError () returned 0x0 [0157.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.130] GetLastError () returned 0x0 [0157.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.130] GetLastError () returned 0x0 [0157.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.130] GetLastError () returned 0x0 [0157.131] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xd728434a, Data2=0x3d1, Data3=0x4b05, Data4=([0]=0xb3, [1]=0xde, [2]=0xe5, [3]=0xa9, [4]=0x6a, [5]=0x8e, [6]=0xff, [7]=0x6b))) returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.131] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.132] GetLastError () returned 0x0 [0157.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.133] GetLastError () returned 0x0 [0157.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.133] GetLastError () returned 0x0 [0157.133] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.133] GetLastError () returned 0x0 [0157.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.133] GetLastError () returned 0x0 [0157.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.133] GetLastError () returned 0x0 [0157.133] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.134] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adb48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.134] GetLastError () returned 0x0 [0157.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.134] GetLastError () returned 0x0 [0157.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.134] GetLastError () returned 0x0 [0157.134] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.134] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adb48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.134] GetLastError () returned 0x0 [0157.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.134] GetLastError () returned 0x0 [0157.134] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.134] GetLastError () returned 0x0 [0157.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.135] GetLastError () returned 0x0 [0157.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.135] GetLastError () returned 0x0 [0157.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.135] GetLastError () returned 0x0 [0157.135] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.135] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adb48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.135] GetLastError () returned 0x0 [0157.135] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.135] GetLastError () returned 0x0 [0157.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.136] GetLastError () returned 0x0 [0157.136] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.136] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.136] GetLastError () returned 0x0 [0157.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.136] GetLastError () returned 0x0 [0157.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.136] GetLastError () returned 0x0 [0157.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.136] GetLastError () returned 0x0 [0157.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.136] GetLastError () returned 0x0 [0157.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.136] GetLastError () returned 0x0 [0157.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.137] GetLastError () returned 0x0 [0157.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.137] GetLastError () returned 0x0 [0157.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.137] GetLastError () returned 0x0 [0157.137] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.137] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adb48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.137] GetLastError () returned 0x0 [0157.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.137] GetLastError () returned 0x0 [0157.137] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.137] GetLastError () returned 0x0 [0157.138] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.138] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adb48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae060, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae010, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.138] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.138] GetLastError () returned 0x0 [0157.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.139] GetLastError () returned 0x0 [0157.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.139] GetLastError () returned 0x0 [0157.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.139] GetLastError () returned 0x0 [0157.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.139] GetLastError () returned 0x0 [0157.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.139] GetLastError () returned 0x0 [0157.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.139] GetLastError () returned 0x0 [0157.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.139] GetLastError () returned 0x0 [0157.139] VirtualQuery (in: lpAddress=0x2ad5c4, lpBuffer=0x2ae5c4, dwLength=0x1c | out: lpBuffer=0x2ae5c4*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.140] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.140] GetLastError () returned 0x0 [0157.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.141] GetLastError () returned 0x0 [0157.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.141] GetLastError () returned 0x0 [0157.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.141] GetLastError () returned 0x0 [0157.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.141] GetLastError () returned 0x0 [0157.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.141] GetLastError () returned 0x0 [0157.141] VirtualQuery (in: lpAddress=0x2ad5c4, lpBuffer=0x2ae5c4, dwLength=0x1c | out: lpBuffer=0x2ae5c4*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.141] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.142] GetLastError () returned 0x0 [0157.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.143] GetLastError () returned 0x0 [0157.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.143] GetLastError () returned 0x0 [0157.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.143] GetLastError () returned 0x0 [0157.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2add30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.143] GetLastError () returned 0x0 [0157.143] VirtualQuery (in: lpAddress=0x2ad5c4, lpBuffer=0x2ae5c4, dwLength=0x1c | out: lpBuffer=0x2ae5c4*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfb8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.144] GetLastError () returned 0x0 [0157.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.144] GetLastError () returned 0x0 [0157.144] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.144] GetLastError () returned 0x0 [0157.145] VirtualQuery (in: lpAddress=0x2ad5c4, lpBuffer=0x2ae5c4, dwLength=0x1c | out: lpBuffer=0x2ae5c4*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.145] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.146] GetLastError () returned 0x0 [0157.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.146] GetLastError () returned 0x0 [0157.146] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.146] GetLastError () returned 0x0 [0157.146] VirtualQuery (in: lpAddress=0x2ad1f4, lpBuffer=0x2ae1f4, dwLength=0x1c | out: lpBuffer=0x2ae1f4*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.146] VirtualQuery (in: lpAddress=0x2ad230, lpBuffer=0x2ae230, dwLength=0x1c | out: lpBuffer=0x2ae230*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.146] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.146] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.147] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.147] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.147] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.147] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.148] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.148] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.148] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.148] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.149] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.149] VirtualQuery (in: lpAddress=0x2ad39c, lpBuffer=0x2ae39c, dwLength=0x1c | out: lpBuffer=0x2ae39c*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.149] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.149] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.149] VirtualQuery (in: lpAddress=0x2ad4f8, lpBuffer=0x2ae4f8, dwLength=0x1c | out: lpBuffer=0x2ae4f8*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.149] VirtualQuery (in: lpAddress=0x2ad534, lpBuffer=0x2ae534, dwLength=0x1c | out: lpBuffer=0x2ae534*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.150] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x99bfc74e, Data2=0x1292, Data3=0x430d, Data4=([0]=0xb9, [1]=0x5b, [2]=0x42, [3]=0x1f, [4]=0x94, [5]=0x36, [6]=0x12, [7]=0x51))) returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.150] GetLastError () returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.150] GetLastError () returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.150] GetLastError () returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.150] GetLastError () returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.150] GetLastError () returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.150] GetLastError () returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.150] GetLastError () returned 0x0 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.151] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.151] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.152] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.152] GetLastError () returned 0x0 [0157.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.153] GetLastError () returned 0x0 [0157.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.153] GetLastError () returned 0x0 [0157.153] VirtualQuery (in: lpAddress=0x2ad1f4, lpBuffer=0x2ae1f4, dwLength=0x1c | out: lpBuffer=0x2ae1f4*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.153] VirtualQuery (in: lpAddress=0x2ad230, lpBuffer=0x2ae230, dwLength=0x1c | out: lpBuffer=0x2ae230*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.154] GetLastError () returned 0x0 [0157.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.154] GetLastError () returned 0x0 [0157.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.154] GetLastError () returned 0x0 [0157.154] VirtualQuery (in: lpAddress=0x2ad2fc, lpBuffer=0x2ae2fc, dwLength=0x1c | out: lpBuffer=0x2ae2fc*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adfe4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.154] GetLastError () returned 0x0 [0157.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.154] GetLastError () returned 0x0 [0157.154] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.154] GetLastError () returned 0x0 [0157.154] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x15d2f746, Data2=0xf4fb, Data3=0x478e, Data4=([0]=0x91, [1]=0xc2, [2]=0xec, [3]=0x37, [4]=0x7b, [5]=0xee, [6]=0x48, [7]=0xa4))) returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.155] GetLastError () returned 0x0 [0157.155] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xcd728896, Data2=0x91f9, Data3=0x4d97, Data4=([0]=0xa7, [1]=0xc3, [2]=0x91, [3]=0x7c, [4]=0xb2, [5]=0xc6, [6]=0x4d, [7]=0x41))) returned 0x0 [0157.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.156] GetLastError () returned 0x0 [0157.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.156] GetLastError () returned 0x0 [0157.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.156] GetLastError () returned 0x0 [0157.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.156] GetLastError () returned 0x0 [0157.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.156] GetLastError () returned 0x0 [0157.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.156] GetLastError () returned 0x0 [0157.156] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xee614a5a, Data2=0x4faa, Data3=0x4d1f, Data4=([0]=0x86, [1]=0xb6, [2]=0xf2, [3]=0xaf, [4]=0xd6, [5]=0xc5, [6]=0x9c, [7]=0x3))) returned 0x0 [0157.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.157] GetLastError () returned 0x0 [0157.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.157] GetLastError () returned 0x0 [0157.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.157] GetLastError () returned 0x0 [0157.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.157] GetLastError () returned 0x0 [0157.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.157] GetLastError () returned 0x0 [0157.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.157] GetLastError () returned 0x0 [0157.157] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xb20b9085, Data2=0x432c, Data3=0x459c, Data4=([0]=0x87, [1]=0x22, [2]=0x34, [3]=0x55, [4]=0xf2, [5]=0xf5, [6]=0x8a, [7]=0x20))) returned 0x0 [0157.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.157] GetLastError () returned 0x0 [0157.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.158] GetLastError () returned 0x0 [0157.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.158] GetLastError () returned 0x0 [0157.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.158] GetLastError () returned 0x0 [0157.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.158] GetLastError () returned 0x0 [0157.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.158] GetLastError () returned 0x0 [0157.158] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x2976b6a4, Data2=0xe9b5, Data3=0x4d55, Data4=([0]=0x9c, [1]=0xb2, [2]=0x80, [3]=0x36, [4]=0x70, [5]=0xa, [6]=0x49, [7]=0xfe))) returned 0x0 [0157.158] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x42bff595, Data2=0x73f0, Data3=0x4e30, Data4=([0]=0xb8, [1]=0xd, [2]=0x25, [3]=0x70, [4]=0x7e, [5]=0xac, [6]=0xe9, [7]=0x4))) returned 0x0 [0157.158] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x91ffc0e3, Data2=0xe8f6, Data3=0x4ea7, Data4=([0]=0xb0, [1]=0x48, [2]=0xb7, [3]=0xc9, [4]=0x2e, [5]=0xb0, [6]=0xaf, [7]=0xda))) returned 0x0 [0157.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.159] GetLastError () returned 0x0 [0157.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.159] GetLastError () returned 0x0 [0157.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.159] GetLastError () returned 0x0 [0157.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.159] GetLastError () returned 0x0 [0157.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.159] GetLastError () returned 0x0 [0157.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.159] GetLastError () returned 0x0 [0157.159] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x3eeb8738, Data2=0x2f18, Data3=0x4987, Data4=([0]=0x93, [1]=0x33, [2]=0x96, [3]=0x6, [4]=0xfa, [5]=0x83, [6]=0xde, [7]=0x58))) returned 0x0 [0157.160] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.160] GetLastError () returned 0x0 [0157.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.160] GetLastError () returned 0x0 [0157.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.160] GetLastError () returned 0x0 [0157.160] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.160] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adb48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.160] GetLastError () returned 0x0 [0157.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.160] GetLastError () returned 0x0 [0157.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.161] GetLastError () returned 0x0 [0157.161] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.161] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adb48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.161] GetLastError () returned 0x0 [0157.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.161] GetLastError () returned 0x0 [0157.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.161] GetLastError () returned 0x0 [0157.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.161] GetLastError () returned 0x0 [0157.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.161] GetLastError () returned 0x0 [0157.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.161] GetLastError () returned 0x0 [0157.161] VirtualQuery (in: lpAddress=0x2ad154, lpBuffer=0x2ae154, dwLength=0x1c | out: lpBuffer=0x2ae154*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.162] VirtualQuery (in: lpAddress=0x2ad190, lpBuffer=0x2ae190, dwLength=0x1c | out: lpBuffer=0x2ae190*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0157.165] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x16c6236b, Data2=0x130f, Data3=0x499a, Data4=([0]=0xb5, [1]=0x4f, [2]=0xf, [3]=0xf3, [4]=0x8f, [5]=0xfd, [6]=0x5f, [7]=0x78))) returned 0x0 [0157.169] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x1041a2cf, Data2=0xc71e, Data3=0x4104, Data4=([0]=0xa2, [1]=0x45, [2]=0x67, [3]=0x5a, [4]=0xa3, [5]=0x52, [6]=0x28, [7]=0xaf))) returned 0x0 [0157.171] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x67cc461a, Data2=0x972b, Data3=0x43f7, Data4=([0]=0xa0, [1]=0xc5, [2]=0x8c, [3]=0x7f, [4]=0xa4, [5]=0xdf, [6]=0xa, [7]=0xdf))) returned 0x0 [0157.171] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x24ff046f, Data2=0x9be7, Data3=0x4484, Data4=([0]=0xaf, [1]=0x9d, [2]=0x66, [3]=0x45, [4]=0xbd, [5]=0xcc, [6]=0x7e, [7]=0x4))) returned 0x0 [0157.171] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x458cca9c, Data2=0x7504, Data3=0x4e68, Data4=([0]=0x83, [1]=0x4f, [2]=0xb6, [3]=0x51, [4]=0x79, [5]=0xdd, [6]=0xa7, [7]=0x6e))) returned 0x0 [0157.172] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x8f034b12, Data2=0x12ff, Data3=0x4be8, Data4=([0]=0xae, [1]=0x24, [2]=0x46, [3]=0xa4, [4]=0xc6, [5]=0x45, [6]=0x1e, [7]=0xa0))) returned 0x0 [0157.172] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x7a64ef19, Data2=0xf4a, Data3=0x4418, Data4=([0]=0x8f, [1]=0x9e, [2]=0xb0, [3]=0xa2, [4]=0xb3, [5]=0x4a, [6]=0xfe, [7]=0x12))) returned 0x0 [0157.173] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x16a74893, Data2=0x58b6, Data3=0x4221, Data4=([0]=0x97, [1]=0x8a, [2]=0xb3, [3]=0x6e, [4]=0x4f, [5]=0x76, [6]=0xbe, [7]=0x89))) returned 0x0 [0157.173] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x79ed3b2d, Data2=0xa773, Data3=0x4afb, Data4=([0]=0x84, [1]=0xdd, [2]=0x68, [3]=0xa0, [4]=0x76, [5]=0x81, [6]=0x53, [7]=0xd9))) returned 0x0 [0157.173] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x79e3d4c7, Data2=0x40fa, Data3=0x4a23, Data4=([0]=0xae, [1]=0xbf, [2]=0xc0, [3]=0xc3, [4]=0xc8, [5]=0x57, [6]=0x9c, [7]=0x23))) returned 0x0 [0157.173] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0157.173] GetLastError () returned 0x0 [0157.174] GetFileType (hFile=0x324) returned 0x1 [0157.174] SetErrorMode (uMode=0x1) returned 0x1 [0157.174] GetFileType (hFile=0x324) returned 0x1 [0157.174] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.176] GetLastError () returned 0x0 [0157.176] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.177] GetLastError () returned 0x0 [0157.177] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.177] GetLastError () returned 0x0 [0157.177] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.177] GetLastError () returned 0x0 [0157.177] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.177] GetLastError () returned 0x0 [0157.178] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.178] GetLastError () returned 0x0 [0157.178] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.178] GetLastError () returned 0x0 [0157.178] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.178] GetLastError () returned 0x0 [0157.178] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.178] GetLastError () returned 0x0 [0157.180] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.180] GetLastError () returned 0x0 [0157.180] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.180] GetLastError () returned 0x0 [0157.180] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.180] GetLastError () returned 0x0 [0157.180] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.180] GetLastError () returned 0x0 [0157.181] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.181] GetLastError () returned 0x0 [0157.181] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.181] GetLastError () returned 0x0 [0157.181] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.181] GetLastError () returned 0x0 [0157.181] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.181] GetLastError () returned 0x0 [0157.184] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.184] GetLastError () returned 0x0 [0157.184] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.184] GetLastError () returned 0x0 [0157.184] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.184] GetLastError () returned 0x0 [0157.184] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.184] GetLastError () returned 0x0 [0157.185] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0xe67, lpOverlapped=0x0) returned 1 [0157.185] GetLastError () returned 0x0 [0157.185] ReadFile (in: hFile=0x324, lpBuffer=0x32acc77, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32acc77*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.185] GetLastError () returned 0x0 [0157.185] ReadFile (in: hFile=0x324, lpBuffer=0x32ad670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x32ad670*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.185] GetLastError () returned 0x0 [0157.186] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0157.186] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.186] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.186] RegCloseKey (hKey=0x324) returned 0x0 [0157.189] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x69020146, Data2=0x4af6, Data3=0x4a8f, Data4=([0]=0x97, [1]=0x9b, [2]=0x51, [3]=0x80, [4]=0xc3, [5]=0x55, [6]=0xf5, [7]=0xa4))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x82dd35e5, Data2=0xf2d0, Data3=0x4cf2, Data4=([0]=0x90, [1]=0x2d, [2]=0x20, [3]=0xaa, [4]=0x96, [5]=0xb0, [6]=0xd4, [7]=0xc))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x3b667dd, Data2=0xcfca, Data3=0x4597, Data4=([0]=0x9d, [1]=0x2b, [2]=0x9a, [3]=0xf5, [4]=0xc, [5]=0xfc, [6]=0x7d, [7]=0x2c))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x4ffc9db6, Data2=0x97d, Data3=0x402d, Data4=([0]=0xb1, [1]=0x36, [2]=0x86, [3]=0x40, [4]=0x40, [5]=0xa6, [6]=0xd2, [7]=0xee))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x864e9b98, Data2=0x9b90, Data3=0x40d0, Data4=([0]=0x96, [1]=0xf2, [2]=0xfd, [3]=0x6e, [4]=0xd4, [5]=0x69, [6]=0x15, [7]=0x7))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xa0965aa1, Data2=0x9d24, Data3=0x43b8, Data4=([0]=0x87, [1]=0xfa, [2]=0x69, [3]=0x57, [4]=0xcf, [5]=0x3b, [6]=0x9, [7]=0x57))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x221d0d56, Data2=0x4e11, Data3=0x4b31, Data4=([0]=0xb4, [1]=0x42, [2]=0x9d, [3]=0x8f, [4]=0xe3, [5]=0xf5, [6]=0xea, [7]=0x5))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf012b5df, Data2=0xd9b2, Data3=0x4516, Data4=([0]=0xa1, [1]=0xac, [2]=0xbc, [3]=0xc3, [4]=0x6e, [5]=0x97, [6]=0x5a, [7]=0xe2))) returned 0x0 [0157.190] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf28c5b1b, Data2=0x7e3b, Data3=0x4090, Data4=([0]=0xb4, [1]=0x6a, [2]=0xd2, [3]=0xe3, [4]=0x3f, [5]=0x48, [6]=0x4b, [7]=0xa3))) returned 0x0 [0157.191] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x17d01108, Data2=0xb63c, Data3=0x42e8, Data4=([0]=0xaf, [1]=0xa1, [2]=0x6e, [3]=0x63, [4]=0x7f, [5]=0x91, [6]=0x74, [7]=0xff))) returned 0x0 [0157.191] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf6943aa5, Data2=0xda83, Data3=0x4998, Data4=([0]=0xb2, [1]=0x50, [2]=0x5a, [3]=0x60, [4]=0xd9, [5]=0xab, [6]=0x48, [7]=0x9d))) returned 0x0 [0157.191] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x26807cc7, Data2=0x5c74, Data3=0x4e4e, Data4=([0]=0x99, [1]=0x3d, [2]=0x8a, [3]=0x14, [4]=0x52, [5]=0x6c, [6]=0x70, [7]=0x82))) returned 0x0 [0157.191] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x6c965489, Data2=0x5081, Data3=0x4a89, Data4=([0]=0xb5, [1]=0x6b, [2]=0x70, [3]=0xf5, [4]=0x37, [5]=0x3, [6]=0xf9, [7]=0x48))) returned 0x0 [0157.191] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xbafb3305, Data2=0x9e69, Data3=0x48a6, Data4=([0]=0x82, [1]=0x2e, [2]=0xae, [3]=0x59, [4]=0x4f, [5]=0x9a, [6]=0xe8, [7]=0xfd))) returned 0x0 [0157.191] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf09ac0a1, Data2=0xcbf9, Data3=0x47db, Data4=([0]=0xa8, [1]=0x36, [2]=0xe, [3]=0xf0, [4]=0x3a, [5]=0xcd, [6]=0x42, [7]=0x83))) returned 0x0 [0157.191] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x5a88ab62, Data2=0xc2a3, Data3=0x4e29, Data4=([0]=0x80, [1]=0x2e, [2]=0xe7, [3]=0x5c, [4]=0x35, [5]=0xa5, [6]=0x1a, [7]=0x49))) returned 0x0 [0157.192] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x7bb746bc, Data2=0xf6b3, Data3=0x410a, Data4=([0]=0x88, [1]=0x90, [2]=0x10, [3]=0x2d, [4]=0x93, [5]=0xe3, [6]=0x52, [7]=0x67))) returned 0x0 [0157.192] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc482b68c, Data2=0xd29a, Data3=0x4dc5, Data4=([0]=0xa2, [1]=0x39, [2]=0xf0, [3]=0x71, [4]=0x57, [5]=0xd2, [6]=0xee, [7]=0x26))) returned 0x0 [0157.192] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xce95d3ea, Data2=0x428b, Data3=0x4c63, Data4=([0]=0x82, [1]=0x98, [2]=0xeb, [3]=0x50, [4]=0x1f, [5]=0x23, [6]=0xbd, [7]=0xc5))) returned 0x0 [0157.192] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc625e8c8, Data2=0x3fc8, Data3=0x4d95, Data4=([0]=0x98, [1]=0xb2, [2]=0x2c, [3]=0x2b, [4]=0xa7, [5]=0xbf, [6]=0x92, [7]=0x24))) returned 0x0 [0157.193] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x288f734f, Data2=0x9848, Data3=0x4bf7, Data4=([0]=0x8e, [1]=0x9f, [2]=0xa4, [3]=0xa5, [4]=0xe1, [5]=0x3c, [6]=0x53, [7]=0x9f))) returned 0x0 [0157.193] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x17f5d70a, Data2=0xe33d, Data3=0x437c, Data4=([0]=0x99, [1]=0xe, [2]=0x9, [3]=0x10, [4]=0x43, [5]=0x39, [6]=0xbc, [7]=0xe5))) returned 0x0 [0157.193] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x5df9c7b3, Data2=0x106c, Data3=0x4319, Data4=([0]=0x8c, [1]=0xb1, [2]=0xd3, [3]=0xe, [4]=0xa3, [5]=0xe1, [6]=0x12, [7]=0x39))) returned 0x0 [0157.193] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x2a04973d, Data2=0xe68f, Data3=0x4400, Data4=([0]=0xa9, [1]=0x13, [2]=0x63, [3]=0x28, [4]=0x7c, [5]=0xda, [6]=0x6e, [7]=0xd3))) returned 0x0 [0157.193] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x302ad606, Data2=0x7bb6, Data3=0x4295, Data4=([0]=0x89, [1]=0xd1, [2]=0x7b, [3]=0x72, [4]=0x71, [5]=0x68, [6]=0x61, [7]=0xae))) returned 0x0 [0157.193] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xec9f459a, Data2=0x7e35, Data3=0x40e8, Data4=([0]=0xa5, [1]=0xa2, [2]=0xa4, [3]=0x34, [4]=0xbc, [5]=0xa9, [6]=0xe9, [7]=0x4d))) returned 0x0 [0157.194] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xe620604d, Data2=0x84de, Data3=0x46fc, Data4=([0]=0x86, [1]=0x13, [2]=0x53, [3]=0xf, [4]=0x35, [5]=0x4d, [6]=0xac, [7]=0x57))) returned 0x0 [0157.194] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf7f23b70, Data2=0xc43c, Data3=0x4537, Data4=([0]=0xbd, [1]=0x92, [2]=0x7d, [3]=0xd5, [4]=0x7e, [5]=0xdf, [6]=0xd1, [7]=0x1d))) returned 0x0 [0157.194] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x58f56351, Data2=0xe7f0, Data3=0x4eb6, Data4=([0]=0xb0, [1]=0x66, [2]=0x90, [3]=0xa5, [4]=0x9c, [5]=0x38, [6]=0xfa, [7]=0x33))) returned 0x0 [0157.194] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x9e173c56, Data2=0xe78b, Data3=0x4730, Data4=([0]=0x97, [1]=0xd7, [2]=0x8f, [3]=0x77, [4]=0x90, [5]=0xe9, [6]=0x9, [7]=0xc7))) returned 0x0 [0157.194] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xd7e6e778, Data2=0xbf81, Data3=0x41c3, Data4=([0]=0x80, [1]=0x85, [2]=0x9d, [3]=0xa6, [4]=0x88, [5]=0xed, [6]=0x6b, [7]=0x5d))) returned 0x0 [0157.194] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xf4ea82ef, Data2=0xa49f, Data3=0x4487, Data4=([0]=0xa0, [1]=0x8c, [2]=0x18, [3]=0xc5, [4]=0x2b, [5]=0xd4, [6]=0xbe, [7]=0xa1))) returned 0x0 [0157.194] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x9b5662a1, Data2=0x2e94, Data3=0x4b5c, Data4=([0]=0xb3, [1]=0xe, [2]=0x57, [3]=0xdc, [4]=0xe8, [5]=0xed, [6]=0x7e, [7]=0x59))) returned 0x0 [0157.197] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xd0d20001, Data2=0x42af, Data3=0x450c, Data4=([0]=0x91, [1]=0x0, [2]=0x89, [3]=0x4e, [4]=0x4e, [5]=0x9, [6]=0xc4, [7]=0x88))) returned 0x0 [0157.197] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x98d66e2d, Data2=0x6718, Data3=0x4985, Data4=([0]=0x9a, [1]=0xb2, [2]=0x18, [3]=0x49, [4]=0x98, [5]=0x0, [6]=0x63, [7]=0x5))) returned 0x0 [0157.197] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc986e34c, Data2=0x2b0a, Data3=0x4425, Data4=([0]=0xa7, [1]=0x2c, [2]=0x64, [3]=0xd, [4]=0x6f, [5]=0xa5, [6]=0x70, [7]=0xce))) returned 0x0 [0157.197] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x2fe4bac7, Data2=0xa371, Data3=0x4bc7, Data4=([0]=0xbd, [1]=0x60, [2]=0x50, [3]=0xd, [4]=0xf7, [5]=0x7e, [6]=0x49, [7]=0xab))) returned 0x0 [0157.198] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x1999edd3, Data2=0x2fcb, Data3=0x49a8, Data4=([0]=0xba, [1]=0x2, [2]=0x84, [3]=0x45, [4]=0x76, [5]=0x29, [6]=0x6d, [7]=0xc9))) returned 0x0 [0157.198] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc7ecbfd9, Data2=0xfcf3, Data3=0x468e, Data4=([0]=0xa8, [1]=0x76, [2]=0xfc, [3]=0x7c, [4]=0xc1, [5]=0x68, [6]=0x85, [7]=0x80))) returned 0x0 [0157.198] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xbb757f2f, Data2=0xdca, Data3=0x4484, Data4=([0]=0xbf, [1]=0x45, [2]=0xab, [3]=0x7, [4]=0x21, [5]=0xa7, [6]=0xbe, [7]=0x1f))) returned 0x0 [0157.198] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x5139b6ab, Data2=0xa47d, Data3=0x44ba, Data4=([0]=0x9a, [1]=0x60, [2]=0xcc, [3]=0xcb, [4]=0x3e, [5]=0xa9, [6]=0x2a, [7]=0x83))) returned 0x0 [0157.199] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x28790379, Data2=0x7138, Data3=0x4b73, Data4=([0]=0x9c, [1]=0x20, [2]=0xdf, [3]=0xb5, [4]=0xec, [5]=0x2f, [6]=0x82, [7]=0xd8))) returned 0x0 [0157.199] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x632e9878, Data2=0xed1d, Data3=0x44db, Data4=([0]=0xb1, [1]=0x6d, [2]=0x71, [3]=0x71, [4]=0xe6, [5]=0xe1, [6]=0x86, [7]=0x77))) returned 0x0 [0157.199] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x170b19a9, Data2=0x7bdb, Data3=0x4fb6, Data4=([0]=0xad, [1]=0x48, [2]=0x78, [3]=0x8d, [4]=0x2e, [5]=0x50, [6]=0x7b, [7]=0xa5))) returned 0x0 [0157.199] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc2991acf, Data2=0xe9e9, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x82, [2]=0x3b, [3]=0x26, [4]=0x63, [5]=0xa0, [6]=0x8d, [7]=0xd9))) returned 0x0 [0157.199] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xd311d0dc, Data2=0x77, Data3=0x45a0, Data4=([0]=0xad, [1]=0xa0, [2]=0x13, [3]=0x60, [4]=0xbd, [5]=0x56, [6]=0x75, [7]=0xcf))) returned 0x0 [0157.199] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xdce297b7, Data2=0xdcc9, Data3=0x41fb, Data4=([0]=0x9a, [1]=0x12, [2]=0x32, [3]=0xb6, [4]=0xe2, [5]=0x0, [6]=0x42, [7]=0x53))) returned 0x0 [0157.200] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x3a11069f, Data2=0xd90d, Data3=0x4d9d, Data4=([0]=0x86, [1]=0xd7, [2]=0x8f, [3]=0x60, [4]=0x75, [5]=0x46, [6]=0x4e, [7]=0x3d))) returned 0x0 [0157.200] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0157.200] GetLastError () returned 0x0 [0157.200] GetFileType (hFile=0x324) returned 0x1 [0157.200] SetErrorMode (uMode=0x1) returned 0x1 [0157.201] GetFileType (hFile=0x324) returned 0x1 [0157.201] ReadFile (in: hFile=0x324, lpBuffer=0x339e048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x339e048*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.303] GetLastError () returned 0x0 [0157.304] ReadFile (in: hFile=0x324, lpBuffer=0x339e048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x339e048*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.304] GetLastError () returned 0x0 [0157.304] ReadFile (in: hFile=0x324, lpBuffer=0x339e048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x339e048*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.304] GetLastError () returned 0x0 [0157.305] ReadFile (in: hFile=0x324, lpBuffer=0x339e048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x339e048*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.305] GetLastError () returned 0x0 [0157.305] ReadFile (in: hFile=0x324, lpBuffer=0x339e048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x339e048*, lpNumberOfBytesRead=0x2ae8b4*=0x8b4, lpOverlapped=0x0) returned 1 [0157.305] GetLastError () returned 0x0 [0157.305] ReadFile (in: hFile=0x324, lpBuffer=0x339d49c, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x339d49c*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.305] GetLastError () returned 0x0 [0157.305] ReadFile (in: hFile=0x324, lpBuffer=0x339e048, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x339e048*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.305] GetLastError () returned 0x0 [0157.305] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0157.306] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.306] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.306] RegCloseKey (hKey=0x324) returned 0x0 [0157.306] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xb44020d0, Data2=0x5466, Data3=0x46d5, Data4=([0]=0xa7, [1]=0x50, [2]=0x48, [3]=0x87, [4]=0x8e, [5]=0x53, [6]=0xa7, [7]=0xe7))) returned 0x0 [0157.307] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x1a8c5eb9, Data2=0x1861, Data3=0x46a0, Data4=([0]=0xbe, [1]=0x19, [2]=0x85, [3]=0x7b, [4]=0xa0, [5]=0x25, [6]=0x56, [7]=0xc))) returned 0x0 [0157.307] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x324 [0157.307] GetLastError () returned 0x0 [0157.307] GetFileType (hFile=0x324) returned 0x1 [0157.307] SetErrorMode (uMode=0x1) returned 0x1 [0157.307] GetFileType (hFile=0x324) returned 0x1 [0157.308] ReadFile (in: hFile=0x324, lpBuffer=0x33d4f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x33d4f54*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.371] GetLastError () returned 0x0 [0157.372] ReadFile (in: hFile=0x324, lpBuffer=0x33d4f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x33d4f54*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.372] GetLastError () returned 0x0 [0157.372] ReadFile (in: hFile=0x324, lpBuffer=0x33d4f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x33d4f54*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.372] GetLastError () returned 0x0 [0157.373] ReadFile (in: hFile=0x324, lpBuffer=0x33d4f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x33d4f54*, lpNumberOfBytesRead=0x2ae8b4*=0x1000, lpOverlapped=0x0) returned 1 [0157.373] GetLastError () returned 0x0 [0157.373] ReadFile (in: hFile=0x324, lpBuffer=0x33d4f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x33d4f54*, lpNumberOfBytesRead=0x2ae8b4*=0xe98, lpOverlapped=0x0) returned 1 [0157.373] GetLastError () returned 0x0 [0157.373] ReadFile (in: hFile=0x324, lpBuffer=0x33d458c, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x33d458c*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.373] GetLastError () returned 0x0 [0157.373] ReadFile (in: hFile=0x324, lpBuffer=0x33d4f54, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2ae8b4, lpOverlapped=0x0 | out: lpBuffer=0x33d4f54*, lpNumberOfBytesRead=0x2ae8b4*=0x0, lpOverlapped=0x0) returned 1 [0157.373] GetLastError () returned 0x0 [0157.374] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae838 | out: phkResult=0x2ae838*=0x324) returned 0x0 [0157.374] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x0, lpcbData=0x2ae87c*=0x0 | out: lpType=0x2ae880*=0x1, lpData=0x0, lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.374] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2ae880, lpData=0x7462f0, lpcbData=0x2ae87c*=0x56 | out: lpType=0x2ae880*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2ae87c*=0x56) returned 0x0 [0157.374] RegCloseKey (hKey=0x324) returned 0x0 [0157.375] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0x11634488, Data2=0xe8b, Data3=0x4017, Data4=([0]=0x83, [1]=0x22, [2]=0x1, [3]=0xc6, [4]=0xd0, [5]=0xca, [6]=0xaa, [7]=0xa))) returned 0x0 [0157.375] CoCreateGuid (in: pguid=0x2ae8a8 | out: pguid=0x2ae8a8*(Data1=0xc77b0087, Data2=0x956e, Data3=0x4adf, Data4=([0]=0x8e, [1]=0xe3, [2]=0xd3, [3]=0x16, [4]=0xd7, [5]=0xdd, [6]=0xb9, [7]=0xe0))) returned 0x0 [0157.434] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae92c | out: phkResult=0x2ae92c*=0x324) returned 0x0 [0157.435] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2ae97c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae980, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2ae97c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae980*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.437] RegEnumValueW (in: hKey=0x324, dwIndex=0x0, lpValueName=0x7462f0, lpcchValueName=0x2ae9a4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x2ae9a4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0157.437] RegEnumValueW (in: hKey=0x324, dwIndex=0x1, lpValueName=0x7462f0, lpcchValueName=0x2ae9a4, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x2ae9a4, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0157.437] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2ae984, lpData=0x0, lpcbData=0x2ae980*=0x0 | out: lpType=0x2ae984*=0x1, lpData=0x0, lpcbData=0x2ae980*=0x8) returned 0x0 [0157.437] RegQueryValueExW (in: hKey=0x324, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2ae984, lpData=0x7462f0, lpcbData=0x2ae980*=0x8 | out: lpType=0x2ae984*=0x1, lpData="2.0", lpcbData=0x2ae980*=0x8) returned 0x0 [0157.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8e8 | out: phkResult=0x2ae8e8*=0x328) returned 0x0 [0157.516] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2ae938, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae93c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2ae938*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae93c*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.517] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x7462f0, lpcchValueName=0x2ae960, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x2ae960, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0157.517] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x7462f0, lpcchValueName=0x2ae960, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x2ae960, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0157.517] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2ae940, lpData=0x0, lpcbData=0x2ae93c*=0x0 | out: lpType=0x2ae940*=0x1, lpData=0x0, lpcbData=0x2ae93c*=0x8) returned 0x0 [0157.517] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x2ae940, lpData=0x7462f0, lpcbData=0x2ae93c*=0x8 | out: lpType=0x2ae940*=0x1, lpData="2.0", lpcbData=0x2ae93c*=0x8) returned 0x0 [0157.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.518] GetLastError () returned 0xcb [0157.521] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.521] GetLastError () returned 0xcb [0157.533] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8a8 | out: phkResult=0x2ae8a8*=0x32c) returned 0x0 [0157.533] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2ae910, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae90c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2ae910*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae90c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.534] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.534] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.535] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.535] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.535] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.535] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.535] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.535] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.536] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x7462f0, lpcchName=0x2ae92c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2ae92c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.536] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x348) returned 0x0 [0157.536] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.536] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x35c) returned 0x0 [0157.536] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.537] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x360) returned 0x0 [0157.537] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.537] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x364) returned 0x0 [0157.537] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.537] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x368) returned 0x0 [0157.537] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.538] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x36c) returned 0x0 [0157.538] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.538] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x370) returned 0x0 [0157.538] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.538] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x374) returned 0x0 [0157.538] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x0) returned 0x2 [0157.539] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x378) returned 0x0 [0157.539] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8d8 | out: phkResult=0x2ae8d8*=0x37c) returned 0x0 [0157.539] RegCloseKey (hKey=0x37c) returned 0x0 [0157.539] RegCloseKey (hKey=0x32c) returned 0x0 [0157.540] RegCloseKey (hKey=0x378) returned 0x0 [0157.670] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0157.673] GetLastError () returned 0x3 [0157.674] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0157.724] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae88c | out: phkResult=0x2ae88c*=0x32c) returned 0x0 [0157.724] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2ae8f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae8f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2ae8f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae8f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.724] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.724] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.725] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.725] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.725] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.725] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.725] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.725] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.725] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.726] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x37c) returned 0x0 [0157.726] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.726] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x380) returned 0x0 [0157.726] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.727] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x384) returned 0x0 [0157.727] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.727] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x388) returned 0x0 [0157.727] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.727] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x38c) returned 0x0 [0157.727] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.727] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x390) returned 0x0 [0157.728] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.728] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x394) returned 0x0 [0157.728] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.728] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x398) returned 0x0 [0157.729] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.729] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x39c) returned 0x0 [0157.729] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3a0) returned 0x0 [0157.729] RegCloseKey (hKey=0x3a0) returned 0x0 [0157.729] RegCloseKey (hKey=0x32c) returned 0x0 [0157.729] RegCloseKey (hKey=0x39c) returned 0x0 [0157.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae88c | out: phkResult=0x2ae88c*=0x39c) returned 0x0 [0157.730] RegQueryInfoKeyW (in: hKey=0x39c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2ae8f4, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae8f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2ae8f4*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae8f0*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.730] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x0, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.730] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x1, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.730] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x2, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.730] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x3, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.730] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x4, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.731] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x5, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.731] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x6, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.731] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x7, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.731] RegEnumKeyExW (in: hKey=0x39c, dwIndex=0x8, lpName=0x7462f0, lpcchName=0x2ae910, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2ae910, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.731] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x32c) returned 0x0 [0157.731] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.732] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3a0) returned 0x0 [0157.732] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.732] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3a4) returned 0x0 [0157.732] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.732] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3a8) returned 0x0 [0157.733] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.733] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3ac) returned 0x0 [0157.733] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.733] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3b0) returned 0x0 [0157.733] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.733] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3b4) returned 0x0 [0157.734] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.734] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3b8) returned 0x0 [0157.734] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x0) returned 0x2 [0157.734] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3bc) returned 0x0 [0157.734] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8bc | out: phkResult=0x2ae8bc*=0x3c0) returned 0x0 [0157.734] RegCloseKey (hKey=0x3c0) returned 0x0 [0157.734] RegCloseKey (hKey=0x39c) returned 0x0 [0157.735] RegCloseKey (hKey=0x3bc) returned 0x0 [0157.735] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae880 | out: phkResult=0x2ae880*=0x3bc) returned 0x0 [0157.735] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x2ae8e8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae8e4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x2ae8e8*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x2ae8e4*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.735] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x0, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.736] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.736] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x2, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.736] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x3, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.736] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x4, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.736] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x5, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.736] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x6, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.737] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x7, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.737] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x8, lpName=0x7462f0, lpcchName=0x2ae904, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x2ae904, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0157.737] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x39c) returned 0x0 [0157.737] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.737] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3c0) returned 0x0 [0157.737] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.738] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3c4) returned 0x0 [0157.738] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.738] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3c8) returned 0x0 [0157.738] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.738] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3cc) returned 0x0 [0157.739] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.739] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3d0) returned 0x0 [0157.739] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.739] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3d4) returned 0x0 [0157.739] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.739] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3d8) returned 0x0 [0157.740] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x0) returned 0x2 [0157.740] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3dc) returned 0x0 [0157.740] RegOpenKeyExW (in: hKey=0x3dc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ae8b0 | out: phkResult=0x2ae8b0*=0x3e0) returned 0x0 [0157.740] RegCloseKey (hKey=0x3e0) returned 0x0 [0157.740] RegCloseKey (hKey=0x3bc) returned 0x0 [0157.740] RegCloseKey (hKey=0x3dc) returned 0x0 [0157.804] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4ea0004 [0157.809] GetLastError () returned 0x0 [0157.810] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x346dd64*="WSMan", lpRawData=0x346dc0c) returned 1 [0157.818] GetLastError () returned 0x0 [0157.819] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.819] GetLastError () returned 0xcb [0157.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae424, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.820] GetLastError () returned 0xcb [0157.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.820] GetLastError () returned 0xcb [0157.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.820] GetLastError () returned 0xcb [0157.820] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0157.820] GetLastError () returned 0xcb [0157.821] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0157.821] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3471c40*="Alias", lpRawData=0x3471afc) returned 1 [0157.821] GetLastError () returned 0x0 [0157.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.823] GetLastError () returned 0xcb [0157.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae424, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.824] GetLastError () returned 0xcb [0157.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.824] GetLastError () returned 0xcb [0157.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.824] GetLastError () returned 0xcb [0157.824] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0157.825] GetLastError () returned 0xcb [0157.825] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0157.825] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3475bd4*="Environment", lpRawData=0x3475a90) returned 1 [0157.826] GetLastError () returned 0x0 [0157.827] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.827] GetLastError () returned 0xcb [0157.828] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0157.828] GetLastError () returned 0xcb [0157.828] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0157.828] GetLastError () returned 0xcb [0157.828] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x2ae554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0157.828] GetLastError () returned 0xcb [0157.828] SetErrorMode (uMode=0x1) returned 0x1 [0157.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x2ae9d4 | out: lpFileInformation=0x2ae9d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0157.828] GetLastError () returned 0xcb [0157.828] SetErrorMode (uMode=0x1) returned 0x1 [0157.890] GetLogicalDrives () returned 0x4 [0157.890] GetLastError () returned 0xcb [0157.892] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2ae478, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.892] GetLastError () returned 0xcb [0157.894] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0157.894] GetLastError () returned 0xcb [0157.894] SetErrorMode (uMode=0x1) returned 0x1 [0157.896] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x7463f0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x2ae9a0, lpMaximumComponentLength=0x2ae99c, lpFileSystemFlags=0x2ae998, lpFileSystemNameBuffer=0x7462f0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x2ae9a0*=0x9c354b42, lpMaximumComponentLength=0x2ae99c*=0xff, lpFileSystemFlags=0x2ae998*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0157.896] GetLastError () returned 0xcb [0157.896] SetErrorMode (uMode=0x1) returned 0x1 [0157.897] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0157.897] GetLastError () returned 0xcb [0157.897] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae500, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.897] GetLastError () returned 0xcb [0157.897] SetErrorMode (uMode=0x1) returned 0x1 [0157.897] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3476e0c | out: lpFileInformation=0x3476e0c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0157.897] GetLastError () returned 0xcb [0157.897] SetErrorMode (uMode=0x1) returned 0x1 [0157.897] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae500, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.897] GetLastError () returned 0xcb [0157.897] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2ae48c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.897] GetLastError () returned 0xcb [0157.897] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0157.897] GetLastError () returned 0xcb [0157.899] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2ae448, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.900] GetLastError () returned 0xcb [0157.900] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0157.900] GetLastError () returned 0xcb [0157.901] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae450, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.901] GetLastError () returned 0xcb [0157.901] SetErrorMode (uMode=0x1) returned 0x1 [0157.901] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3477a64 | out: lpFileInformation=0x3477a64*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0157.901] GetLastError () returned 0xcb [0157.901] SetErrorMode (uMode=0x1) returned 0x1 [0157.901] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae458, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.902] GetLastError () returned 0xcb [0157.902] SetErrorMode (uMode=0x1) returned 0x1 [0157.902] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3477bb4 | out: lpFileInformation=0x3477bb4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0157.902] GetLastError () returned 0xcb [0157.902] SetErrorMode (uMode=0x1) returned 0x1 [0157.902] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae49c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0157.902] GetLastError () returned 0xcb [0157.902] SetErrorMode (uMode=0x1) returned 0x1 [0157.902] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3477d54 | out: lpFileInformation=0x3477d54*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0157.902] GetLastError () returned 0xcb [0157.902] SetErrorMode (uMode=0x1) returned 0x1 [0157.903] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0157.903] GetLastError () returned 0xcb [0157.903] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0157.904] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x347aadc*="FileSystem", lpRawData=0x347a998) returned 1 [0157.904] GetLastError () returned 0x0 [0157.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.905] GetLastError () returned 0xcb [0157.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.906] GetLastError () returned 0xcb [0157.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.906] GetLastError () returned 0xcb [0157.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.906] GetLastError () returned 0xcb [0157.907] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0157.907] GetLastError () returned 0xcb [0157.907] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0157.908] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x347ebcc*="Function", lpRawData=0x347ea88) returned 1 [0157.908] GetLastError () returned 0x0 [0157.912] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.912] GetLastError () returned 0xcb [0157.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.919] GetLastError () returned 0xcb [0157.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.919] GetLastError () returned 0xcb [0157.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.919] GetLastError () returned 0xcb [0157.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0157.919] GetLastError () returned 0xcb [0158.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.169] GetLastError () returned 0xcb [0158.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.170] GetLastError () returned 0xcb [0158.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.170] GetLastError () returned 0xcb [0158.171] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0158.172] GetLastError () returned 0xcb [0158.172] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0158.172] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3497c88*="Registry", lpRawData=0x3497b44) returned 1 [0158.173] GetLastError () returned 0x0 [0158.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae424, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.174] GetLastError () returned 0x0 [0158.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.174] GetLastError () returned 0x0 [0158.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.174] GetLastError () returned 0x0 [0158.175] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0158.176] GetLastError () returned 0x0 [0158.176] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0158.176] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x349ba70*="Variable", lpRawData=0x349b92c) returned 1 [0158.176] GetLastError () returned 0x0 [0158.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.178] GetLastError () returned 0xcb [0158.180] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.180] GetLastError () returned 0xcb [0158.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ae424, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0158.181] GetLastError () returned 0xcb [0158.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0158.181] GetLastError () returned 0xcb [0158.181] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0158.181] GetLastError () returned 0xcb [0158.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x2ae3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0158.182] GetLastError () returned 0xcb [0158.241] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aea24 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aea24) returned 0x1 [0158.241] GetLastError () returned 0x3 [0158.241] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aea2c | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aea2c) returned 1 [0158.242] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34a983c*="Certificate", lpRawData=0x34a96f8) returned 1 [0158.242] GetLastError () returned 0x0 [0158.255] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.255] GetLastError () returned 0xcb [0158.258] GetLogicalDrives () returned 0x4 [0158.258] GetLastError () returned 0xcb [0158.258] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2ae59c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0158.258] GetLastError () returned 0xcb [0158.259] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0158.259] GetLastError () returned 0xcb [0158.259] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7462f0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0158.259] GetLastError () returned 0xcb [0158.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.261] GetLastError () returned 0xcb [0158.261] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.261] GetLastError () returned 0xcb [0158.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.276] GetLastError () returned 0xcb [0158.278] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.278] GetLastError () returned 0xcb [0158.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae3e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.278] GetLastError () returned 0xcb [0158.278] SetErrorMode (uMode=0x1) returned 0x1 [0158.279] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x34b075c | out: lpFileInformation=0x34b075c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0158.279] GetLastError () returned 0xcb [0158.279] SetErrorMode (uMode=0x1) returned 0x1 [0158.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae3ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.279] GetLastError () returned 0xcb [0158.279] SetErrorMode (uMode=0x1) returned 0x1 [0158.279] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x34b08f0 | out: lpFileInformation=0x34b08f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0158.279] GetLastError () returned 0xcb [0158.279] SetErrorMode (uMode=0x1) returned 0x1 [0158.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.285] GetLastError () returned 0xcb [0158.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae534, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.297] GetLastError () returned 0xcb [0158.298] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0158.298] GetLastError () returned 0xcb [0158.298] SetErrorMode (uMode=0x1) returned 0x1 [0158.298] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2ae930 | out: lpFileInformation=0x2ae930*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0158.298] GetLastError () returned 0xcb [0158.298] SetErrorMode (uMode=0x1) returned 0x1 [0158.298] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0158.298] GetLastError () returned 0xcb [0158.298] SetErrorMode (uMode=0x1) returned 0x1 [0158.298] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x2ae930 | out: lpFileInformation=0x2ae930*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0158.298] GetLastError () returned 0xcb [0158.298] SetErrorMode (uMode=0x1) returned 0x1 [0158.298] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x2ae4c4, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0158.298] GetLastError () returned 0xcb [0158.298] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x2ae460, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0158.298] GetLastError () returned 0xcb [0158.298] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.298] GetLastError () returned 0xcb [0158.298] SetErrorMode (uMode=0x1) returned 0x1 [0158.299] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2ae930 | out: lpFileInformation=0x2ae930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0158.299] GetLastError () returned 0xcb [0158.299] SetErrorMode (uMode=0x1) returned 0x1 [0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.299] GetLastError () returned 0xcb [0158.299] SetErrorMode (uMode=0x1) returned 0x1 [0158.299] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2ae930 | out: lpFileInformation=0x2ae930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0158.299] GetLastError () returned 0xcb [0158.299] SetErrorMode (uMode=0x1) returned 0x1 [0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2ae4c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.299] GetLastError () returned 0xcb [0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x2ae460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.299] GetLastError () returned 0xcb [0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.299] GetLastError () returned 0xcb [0158.299] SetErrorMode (uMode=0x1) returned 0x1 [0158.299] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2ae930 | out: lpFileInformation=0x2ae930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0158.299] GetLastError () returned 0xcb [0158.299] SetErrorMode (uMode=0x1) returned 0x1 [0158.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.299] GetLastError () returned 0xcb [0158.299] SetErrorMode (uMode=0x1) returned 0x1 [0158.300] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2ae930 | out: lpFileInformation=0x2ae930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0158.300] GetLastError () returned 0xcb [0158.300] SetErrorMode (uMode=0x1) returned 0x1 [0158.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae4c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.300] GetLastError () returned 0xcb [0158.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x2ae460, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.300] GetLastError () returned 0xcb [0158.300] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2ae4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.300] GetLastError () returned 0xcb [0158.300] SetErrorMode (uMode=0x1) returned 0x1 [0158.300] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2ae93c | out: lpFileInformation=0x2ae93c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0158.300] GetLastError () returned 0xcb [0158.300] SetErrorMode (uMode=0x1) returned 0x1 [0158.300] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2ae4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.300] GetLastError () returned 0xcb [0158.300] SetErrorMode (uMode=0x1) returned 0x1 [0158.300] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x2ae93c | out: lpFileInformation=0x2ae93c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0158.300] GetLastError () returned 0xcb [0158.301] SetErrorMode (uMode=0x1) returned 0x1 [0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x2ae4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.301] GetLastError () returned 0xcb [0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x2ae46c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0158.301] GetLastError () returned 0xcb [0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.301] GetLastError () returned 0xcb [0158.301] SetErrorMode (uMode=0x1) returned 0x1 [0158.301] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2ae93c | out: lpFileInformation=0x2ae93c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0158.301] GetLastError () returned 0xcb [0158.301] SetErrorMode (uMode=0x1) returned 0x1 [0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae4bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.301] GetLastError () returned 0xcb [0158.301] SetErrorMode (uMode=0x1) returned 0x1 [0158.301] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2ae93c | out: lpFileInformation=0x2ae93c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0158.301] GetLastError () returned 0xcb [0158.301] SetErrorMode (uMode=0x1) returned 0x1 [0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.301] GetLastError () returned 0xcb [0158.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x2ae46c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.301] GetLastError () returned 0xcb [0158.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x2ae58c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0158.304] GetLastError () returned 0xcb [0158.304] SetErrorMode (uMode=0x1) returned 0x1 [0158.304] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x34b8698 | out: lpFileInformation=0x34b8698*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0158.304] GetLastError () returned 0xcb [0158.304] SetErrorMode (uMode=0x1) returned 0x1 [0158.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.305] GetLastError () returned 0xcb [0158.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae584, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.305] GetLastError () returned 0xcb [0158.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae584, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.305] GetLastError () returned 0xcb [0158.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae584, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.305] GetLastError () returned 0xcb [0158.353] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aeb28 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aeb28) returned 0x1 [0158.354] GetLastError () returned 0xcb [0158.354] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aeb30 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aeb30) returned 1 [0158.355] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d98538*="Available", lpRawData=0x2d983f4) returned 1 [0158.355] GetLastError () returned 0x0 [0158.356] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.356] GetLastError () returned 0xcb [0158.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.357] GetLastError () returned 0xcb [0158.367] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae608, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.368] GetLastError () returned 0xcb [0158.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.368] GetLastError () returned 0xcb [0158.368] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.368] GetLastError () returned 0xcb [0158.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.371] GetLastError () returned 0xcb [0158.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.371] GetLastError () returned 0xcb [0158.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.371] GetLastError () returned 0xcb [0158.372] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0158.372] GetLastError () returned 0xcb [0158.372] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0158.372] GetLastError () returned 0xcb [0158.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.372] GetLastError () returned 0xcb [0158.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.372] GetLastError () returned 0xcb [0158.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.372] GetLastError () returned 0xcb [0158.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.372] GetLastError () returned 0xcb [0158.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.372] GetLastError () returned 0xcb [0158.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.372] GetLastError () returned 0xcb [0158.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.373] GetLastError () returned 0xcb [0158.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.373] GetLastError () returned 0xcb [0158.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.373] GetLastError () returned 0xcb [0158.373] GetCurrentProcessId () returned 0x358 [0158.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.373] GetLastError () returned 0xcb [0158.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.373] GetLastError () returned 0xcb [0158.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.373] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae548, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae548, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae598, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae548, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae548, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.374] GetLastError () returned 0xcb [0158.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.375] GetLastError () returned 0xcb [0158.375] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aeabc | out: phkResult=0x2aeabc*=0x358) returned 0x0 [0158.375] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aeb04, lpData=0x0, lpcbData=0x2aeb00*=0x0 | out: lpType=0x2aeb04*=0x1, lpData=0x0, lpcbData=0x2aeb00*=0x56) returned 0x0 [0158.375] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aeb04, lpData=0x7462f0, lpcbData=0x2aeb00*=0x56 | out: lpType=0x2aeb04*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2aeb00*=0x56) returned 0x0 [0158.376] RegCloseKey (hKey=0x358) returned 0x0 [0158.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.376] GetLastError () returned 0xcb [0158.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.376] GetLastError () returned 0xcb [0158.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.376] GetLastError () returned 0xcb [0158.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.376] GetLastError () returned 0xcb [0158.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae544, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.376] GetLastError () returned 0xcb [0158.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2ae544, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.376] GetLastError () returned 0xcb [0158.390] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.390] GetLastError () returned 0xcb [0158.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.390] GetLastError () returned 0xcb [0158.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.390] GetLastError () returned 0xcb [0158.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.390] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.391] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.392] GetLastError () returned 0xcb [0158.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.393] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.394] GetLastError () returned 0xcb [0158.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.401] GetLastError () returned 0xcb [0158.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.401] GetLastError () returned 0xcb [0158.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.401] GetLastError () returned 0xcb [0158.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.401] GetLastError () returned 0xcb [0158.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.418] GetLastError () returned 0xcb [0158.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.418] GetLastError () returned 0xcb [0158.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.418] GetLastError () returned 0xcb [0158.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adc04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.418] GetLastError () returned 0xcb [0158.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.418] GetLastError () returned 0xcb [0158.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adbb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.418] GetLastError () returned 0xcb [0158.418] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.420] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.420] GetLastError () returned 0xcb [0158.428] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.446] GetLastError () returned 0xcb [0158.449] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.449] GetLastError () returned 0xcb [0158.452] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.452] GetLastError () returned 0xcb [0158.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.458] GetLastError () returned 0xcb [0158.463] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.463] GetLastError () returned 0xcb [0158.483] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.485] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.565] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.574] GetLastError () returned 0xcb [0158.953] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x708470 [0158.954] GetLastError () returned 0x0 [0158.955] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x7084f8 [0158.956] GetLastError () returned 0x0 [0159.155] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.189] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.190] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.191] VirtualQuery (in: lpAddress=0x2ac7e4, lpBuffer=0x2ad7e4, dwLength=0x1c | out: lpBuffer=0x2ad7e4*(BaseAddress=0x2ac000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.222] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.222] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.222] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.222] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.222] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.223] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.224] VirtualQuery (in: lpAddress=0x2ad130, lpBuffer=0x2ae130, dwLength=0x1c | out: lpBuffer=0x2ae130*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.249] GetLastError () returned 0xcb [0159.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adedc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.249] GetLastError () returned 0xcb [0159.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adedc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.249] GetLastError () returned 0xcb [0159.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adedc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.249] GetLastError () returned 0xcb [0159.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.257] GetLastError () returned 0xcb [0159.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adedc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.257] GetLastError () returned 0xcb [0159.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adedc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.257] GetLastError () returned 0xcb [0159.257] VirtualQuery (in: lpAddress=0x2ad458, lpBuffer=0x2ae458, dwLength=0x1c | out: lpBuffer=0x2ae458*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adf2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.259] GetLastError () returned 0xcb [0159.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adedc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.259] GetLastError () returned 0xcb [0159.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x2adedc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.259] GetLastError () returned 0xcb [0159.259] VirtualQuery (in: lpAddress=0x2ad450, lpBuffer=0x2ae450, dwLength=0x1c | out: lpBuffer=0x2ae450*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.259] VirtualQuery (in: lpAddress=0x2ad104, lpBuffer=0x2ae104, dwLength=0x1c | out: lpBuffer=0x2ae104*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.259] VirtualQuery (in: lpAddress=0x2ad104, lpBuffer=0x2ae104, dwLength=0x1c | out: lpBuffer=0x2ae104*(BaseAddress=0x2ad000, AllocationBase=0x270000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.261] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aeb8c | out: phkResult=0x2aeb8c*=0x3a4) returned 0x0 [0159.262] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aebd4, lpData=0x0, lpcbData=0x2aebd0*=0x0 | out: lpType=0x2aebd4*=0x1, lpData=0x0, lpcbData=0x2aebd0*=0x56) returned 0x0 [0159.262] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aebd4, lpData=0x7462f0, lpcbData=0x2aebd0*=0x56 | out: lpType=0x2aebd4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2aebd0*=0x56) returned 0x0 [0159.262] RegCloseKey (hKey=0x3a4) returned 0x0 [0159.262] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aeb8c | out: phkResult=0x2aeb8c*=0x3a4) returned 0x0 [0159.262] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aebd4, lpData=0x0, lpcbData=0x2aebd0*=0x0 | out: lpType=0x2aebd4*=0x1, lpData=0x0, lpcbData=0x2aebd0*=0x56) returned 0x0 [0159.263] RegQueryValueExW (in: hKey=0x3a4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x2aebd4, lpData=0x7462f0, lpcbData=0x2aebd0*=0x56 | out: lpType=0x2aebd4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x2aebd0*=0x56) returned 0x0 [0159.263] RegCloseKey (hKey=0x3a4) returned 0x0 [0159.264] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x7462f0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0159.264] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0159.264] GetLastError () returned 0x3f0 [0159.264] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x7462f0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0159.264] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x2ae724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0159.264] GetLastError () returned 0x3f0 [0159.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x2ae7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0159.265] GetLastError () returned 0x3f0 [0159.265] SetErrorMode (uMode=0x1) returned 0x1 [0159.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2aec3c | out: lpFileInformation=0x2aec3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0159.266] GetLastError () returned 0x2 [0159.266] SetErrorMode (uMode=0x1) returned 0x1 [0159.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x2ae7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0159.266] GetLastError () returned 0x2 [0159.266] SetErrorMode (uMode=0x1) returned 0x1 [0159.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2aec3c | out: lpFileInformation=0x2aec3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0159.266] GetLastError () returned 0x2 [0159.266] SetErrorMode (uMode=0x1) returned 0x1 [0159.266] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x2ae7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45 [0159.266] GetLastError () returned 0x2 [0159.266] SetErrorMode (uMode=0x1) returned 0x1 [0159.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2aec3c | out: lpFileInformation=0x2aec3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0159.268] GetLastError () returned 0x3 [0159.268] SetErrorMode (uMode=0x1) returned 0x1 [0159.268] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x2ae7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a [0159.268] GetLastError () returned 0x3 [0159.268] SetErrorMode (uMode=0x1) returned 0x1 [0159.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x2aec3c | out: lpFileInformation=0x2aec3c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0159.268] GetLastError () returned 0x3 [0159.268] SetErrorMode (uMode=0x1) returned 0x1 [0159.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.269] GetLastError () returned 0xcb [0159.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.271] GetLastError () returned 0xcb [0159.273] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.273] GetLastError () returned 0xcb [0159.275] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.275] GetLastError () returned 0xcb [0159.276] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.276] GetLastError () returned 0xcb [0159.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.286] GetLastError () returned 0xcb [0159.286] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0159.286] GetLastError () returned 0x0 [0159.286] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3a8 [0159.286] GetLastError () returned 0x0 [0159.286] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac [0159.286] GetLastError () returned 0x0 [0159.286] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0159.286] GetLastError () returned 0x0 [0159.286] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0159.286] GetLastError () returned 0x0 [0159.286] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b8 [0159.287] GetLastError () returned 0x0 [0159.287] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d8 [0159.287] GetLastError () returned 0x0 [0159.287] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c [0159.287] GetLastError () returned 0x0 [0159.287] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c0 [0159.287] GetLastError () returned 0x0 [0159.287] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c4 [0159.287] GetLastError () returned 0x0 [0159.287] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324 [0159.287] GetLastError () returned 0x0 [0159.287] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x328 [0159.287] GetLastError () returned 0x0 [0159.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.288] GetLastError () returned 0xcb [0159.294] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0159.294] GetLastError () returned 0xcb [0159.295] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x2aec7c | out: lpMode=0x2aec7c) returned 0 [0159.295] GetLastError () returned 0x6 [0159.296] SetEvent (hEvent=0x3b0) returned 1 [0159.296] GetLastError () returned 0x6 [0159.296] SetEvent (hEvent=0x3a4) returned 1 [0159.296] GetLastError () returned 0x6 [0159.296] SetEvent (hEvent=0x3a8) returned 1 [0159.296] GetLastError () returned 0x6 [0159.296] SetEvent (hEvent=0x3ac) returned 1 [0159.296] GetLastError () returned 0x6 [0159.296] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c8 [0159.296] GetLastError () returned 0x0 [0159.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.297] GetLastError () returned 0xcb [0159.298] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aeae0 | out: phkResult=0x2aeae0*=0x348) returned 0x0 [0159.298] RegQueryValueExW (in: hKey=0x348, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x2aeb28, lpData=0x0, lpcbData=0x2aeb24*=0x0 | out: lpType=0x2aeb28*=0x0, lpData=0x0, lpcbData=0x2aeb24*=0x0) returned 0x2 [0161.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384 [0161.052] GetLastError () returned 0x0 [0161.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x388 [0161.052] GetLastError () returned 0x0 [0161.052] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c [0161.052] GetLastError () returned 0x0 [0161.052] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390 [0161.052] GetLastError () returned 0x0 [0161.052] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394 [0161.052] GetLastError () returned 0x0 [0161.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x398 [0161.053] GetLastError () returned 0x0 [0161.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d0 [0161.053] GetLastError () returned 0x0 [0161.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3bc [0161.053] GetLastError () returned 0x0 [0161.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e0 [0161.053] GetLastError () returned 0x0 [0161.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3e4 [0161.053] GetLastError () returned 0x0 [0161.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e8 [0161.053] GetLastError () returned 0x0 [0161.053] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ec [0161.053] GetLastError () returned 0x0 [0161.053] SetEvent (hEvent=0x390) returned 1 [0161.053] GetLastError () returned 0x0 [0161.053] SetEvent (hEvent=0x384) returned 1 [0161.053] GetLastError () returned 0x0 [0161.053] SetEvent (hEvent=0x388) returned 1 [0161.054] GetLastError () returned 0x0 [0161.054] SetEvent (hEvent=0x38c) returned 1 [0161.054] GetLastError () returned 0x0 [0161.054] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f0 [0161.054] GetLastError () returned 0x0 [0161.054] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x2aeb14 | out: phkResult=0x2aeb14*=0x3f4) returned 0x0 [0161.054] RegQueryValueExW (in: hKey=0x3f4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x2aeb5c, lpData=0x0, lpcbData=0x2aeb58*=0x0 | out: lpType=0x2aeb5c*=0x0, lpData=0x0, lpcbData=0x2aeb58*=0x0) returned 0x2 [0161.095] SetEvent (hEvent=0x394) returned 1 [0161.095] GetLastError () returned 0x0 [0161.095] SetEvent (hEvent=0x398) returned 1 [0161.095] GetLastError () returned 0x0 [0161.095] SetEvent (hEvent=0x3d0) returned 1 [0161.095] GetLastError () returned 0x0 [0161.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7462f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0161.136] GetLastError () returned 0xcb [0161.145] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x746ab0, nSize=0x2aebf0 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x2aebf0) returned 0x1 [0161.145] GetLastError () returned 0xcb [0161.145] GetUserNameW (in: lpBuffer=0x7462f0, pcbBuffer=0x2aebf8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x2aebf8) returned 1 [0161.147] ReportEventW (hEventLog=0x4ea0004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2ca4178*="Stopped", lpRawData=0x2ca4034) returned 1 [0161.148] GetLastError () returned 0x0 [0161.150] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0161.150] GetLastError () returned 0x0 [0161.152] CoGetContextToken (in: pToken=0x2af928 | out: pToken=0x2af928) returned 0x0 [0161.152] CObjectContext::QueryInterface () returned 0x0 [0161.152] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.152] Release () returned 0x0 [0161.154] CoGetContextToken (in: pToken=0x2af700 | out: pToken=0x2af700) returned 0x0 [0161.154] CObjectContext::QueryInterface () returned 0x0 [0161.154] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.154] Release () returned 0x0 [0161.157] CoGetContextToken (in: pToken=0x2af700 | out: pToken=0x2af700) returned 0x0 [0161.157] CObjectContext::QueryInterface () returned 0x0 [0161.157] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.157] Release () returned 0x0 [0161.210] CoGetContextToken (in: pToken=0x2af700 | out: pToken=0x2af700) returned 0x0 [0161.210] CObjectContext::QueryInterface () returned 0x0 [0161.210] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.210] Release () returned 0x0 [0161.212] CoGetContextToken (in: pToken=0x2af6e0 | out: pToken=0x2af6e0) returned 0x0 [0161.212] CObjectContext::QueryInterface () returned 0x0 [0161.212] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.212] Release () returned 0x0 [0161.214] CoUninitialize () Thread: id = 279 os_tid = 0x660 Thread: id = 280 os_tid = 0x694 Thread: id = 281 os_tid = 0x668 Thread: id = 282 os_tid = 0x130 Thread: id = 283 os_tid = 0x68c [0145.740] CoGetContextToken (in: pToken=0x4aff598 | out: pToken=0x4aff598) returned 0x0 [0145.740] CObjectContext::QueryInterface () returned 0x0 [0145.740] CObjectContext::GetCurrentThreadType () returned 0x0 [0145.740] Release () returned 0x0 [0145.740] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0156.200] LocalFree (hMem=0x723fc8) returned 0x0 [0156.200] GetLastError () returned 0x0 [0156.200] CloseHandle (hObject=0x348) returned 1 [0156.200] GetLastError () returned 0x0 [0156.200] CloseHandle (hObject=0x13) returned 1 [0156.201] GetLastError () returned 0x0 [0156.201] CloseHandle (hObject=0xf) returned 1 [0156.201] GetLastError () returned 0x0 [0156.202] RegCloseKey (hKey=0x32c) returned 0x0 [0156.202] RegCloseKey (hKey=0x328) returned 0x0 [0156.202] RegCloseKey (hKey=0x324) returned 0x0 [0156.202] LocalFree (hMem=0x723fe8) returned 0x0 [0156.202] GetLastError () returned 0x0 [0156.202] RegCloseKey (hKey=0x358) returned 0x0 [0158.328] RegCloseKey (hKey=0x3d0) returned 0x0 [0158.328] RegCloseKey (hKey=0x398) returned 0x0 [0158.329] RegCloseKey (hKey=0x394) returned 0x0 [0158.329] RegCloseKey (hKey=0x390) returned 0x0 [0158.329] RegCloseKey (hKey=0x38c) returned 0x0 [0158.329] RegCloseKey (hKey=0x388) returned 0x0 [0158.329] RegCloseKey (hKey=0x384) returned 0x0 [0158.330] RegCloseKey (hKey=0x380) returned 0x0 [0158.330] RegCloseKey (hKey=0x37c) returned 0x0 [0158.330] RegCloseKey (hKey=0x3cc) returned 0x0 [0158.330] RegCloseKey (hKey=0x374) returned 0x0 [0158.331] RegCloseKey (hKey=0x370) returned 0x0 [0158.331] RegCloseKey (hKey=0x36c) returned 0x0 [0158.331] RegCloseKey (hKey=0x368) returned 0x0 [0158.331] RegCloseKey (hKey=0x364) returned 0x0 [0158.331] RegCloseKey (hKey=0x360) returned 0x0 [0158.332] RegCloseKey (hKey=0x35c) returned 0x0 [0158.332] RegCloseKey (hKey=0x348) returned 0x0 [0158.332] RegCloseKey (hKey=0x3c8) returned 0x0 [0158.332] RegCloseKey (hKey=0x328) returned 0x0 [0158.332] RegCloseKey (hKey=0x324) returned 0x0 [0158.332] RegCloseKey (hKey=0x3c4) returned 0x0 [0158.333] RegCloseKey (hKey=0x3c0) returned 0x0 [0158.333] RegCloseKey (hKey=0x39c) returned 0x0 [0158.333] RegCloseKey (hKey=0x3d8) returned 0x0 [0158.333] RegCloseKey (hKey=0x3b8) returned 0x0 [0158.333] RegCloseKey (hKey=0x3b4) returned 0x0 [0158.334] RegCloseKey (hKey=0x3b0) returned 0x0 [0158.334] RegCloseKey (hKey=0x3ac) returned 0x0 [0158.334] RegCloseKey (hKey=0x3a8) returned 0x0 [0158.334] RegCloseKey (hKey=0x3a4) returned 0x0 [0158.334] RegCloseKey (hKey=0x3a0) returned 0x0 [0158.335] RegCloseKey (hKey=0x32c) returned 0x0 [0158.335] RegCloseKey (hKey=0x3d4) returned 0x0 [0158.335] RegCloseKey (hKey=0x358) returned 0x0 [0159.649] RegCloseKey (hKey=0x348) returned 0x0 [0161.156] GetLastError () returned 0x0 [0161.156] GetLastError () returned 0x0 [0161.156] LocalFree (hMem=0x7084f8) returned 0x0 [0161.156] GetLastError () returned 0x0 [0161.157] GetLastError () returned 0x0 [0161.157] GetLastError () returned 0x0 [0161.157] LocalFree (hMem=0x708470) returned 0x0 [0161.157] GetLastError () returned 0x0 [0161.166] DeregisterEventSource (hEventLog=0x4ea0004) returned 1 [0161.166] GetLastError () returned 0x0 [0161.180] CloseHandle (hObject=0x5f) returned 1 [0161.181] GetLastError () returned 0x0 [0161.181] CloseHandle (hObject=0x5b) returned 1 [0161.181] GetLastError () returned 0x0 [0161.182] CloseHandle (hObject=0x57) returned 1 [0161.182] GetLastError () returned 0x0 [0161.182] CloseHandle (hObject=0x53) returned 1 [0161.183] GetLastError () returned 0x0 [0161.183] CloseHandle (hObject=0x4f) returned 1 [0161.183] GetLastError () returned 0x0 [0161.183] CloseHandle (hObject=0x4b) returned 1 [0161.184] GetLastError () returned 0x0 [0161.184] CloseHandle (hObject=0x47) returned 1 [0161.184] GetLastError () returned 0x0 [0161.185] CloseHandle (hObject=0x43) returned 1 [0161.185] GetLastError () returned 0x0 [0161.185] CloseHandle (hObject=0x3f) returned 1 [0161.186] GetLastError () returned 0x0 [0161.186] CloseHandle (hObject=0x3b) returned 1 [0161.186] GetLastError () returned 0x0 [0161.186] CloseHandle (hObject=0x37) returned 1 [0161.187] GetLastError () returned 0x0 [0161.187] CloseHandle (hObject=0x33) returned 1 [0161.187] GetLastError () returned 0x0 [0161.188] CloseHandle (hObject=0x2f) returned 1 [0161.188] GetLastError () returned 0x0 [0161.188] CloseHandle (hObject=0x2b) returned 1 [0161.189] GetLastError () returned 0x0 [0161.189] CloseHandle (hObject=0x27) returned 1 [0161.189] GetLastError () returned 0x0 [0161.189] CloseHandle (hObject=0x23) returned 1 [0161.190] GetLastError () returned 0x0 [0161.190] CloseHandle (hObject=0x380) returned 1 [0161.190] GetLastError () returned 0x0 [0161.190] UnmapViewOfFile (lpBaseAddress=0x53d0000) returned 1 [0161.191] CloseHandle (hObject=0x3c8) returned 1 [0161.191] GetLastError () returned 0x0 [0161.191] CloseHandle (hObject=0x328) returned 1 [0161.191] GetLastError () returned 0x0 [0161.191] CloseHandle (hObject=0x324) returned 1 [0161.191] GetLastError () returned 0x0 [0161.192] CloseHandle (hObject=0x3c4) returned 1 [0161.192] GetLastError () returned 0x0 [0161.192] CloseHandle (hObject=0x3c0) returned 1 [0161.192] GetLastError () returned 0x0 [0161.192] CloseHandle (hObject=0x39c) returned 1 [0161.192] GetLastError () returned 0x0 [0161.192] CloseHandle (hObject=0x3d8) returned 1 [0161.192] GetLastError () returned 0x0 [0161.193] CloseHandle (hObject=0x3b8) returned 1 [0161.193] GetLastError () returned 0x0 [0161.193] CloseHandle (hObject=0x3b4) returned 1 [0161.193] GetLastError () returned 0x0 [0161.193] CloseHandle (hObject=0x3b0) returned 1 [0161.193] GetLastError () returned 0x0 [0161.193] CloseHandle (hObject=0x3ac) returned 1 [0161.193] GetLastError () returned 0x0 [0161.194] CloseHandle (hObject=0x3a8) returned 1 [0161.194] GetLastError () returned 0x0 [0161.194] CloseHandle (hObject=0x3a4) returned 1 [0161.194] GetLastError () returned 0x0 [0161.194] CloseHandle (hObject=0x1f) returned 1 [0161.195] GetLastError () returned 0x0 [0161.195] CloseHandle (hObject=0x1b) returned 1 [0161.196] GetLastError () returned 0x0 [0161.196] CloseHandle (hObject=0x17) returned 1 [0161.196] GetLastError () returned 0x0 [0161.197] CloseHandle (hObject=0x13) returned 1 [0161.197] GetLastError () returned 0x0 [0161.197] RegCloseKey (hKey=0x3f4) returned 0x0 [0161.198] CloseHandle (hObject=0x3f0) returned 1 [0161.198] GetLastError () returned 0x0 [0161.198] CloseHandle (hObject=0x3ec) returned 1 [0161.198] GetLastError () returned 0x0 [0161.198] CloseHandle (hObject=0x3e8) returned 1 [0161.198] GetLastError () returned 0x0 [0161.199] CloseHandle (hObject=0x3e4) returned 1 [0161.199] GetLastError () returned 0x0 [0161.199] CloseHandle (hObject=0x3e0) returned 1 [0161.199] GetLastError () returned 0x0 [0161.199] CloseHandle (hObject=0x3bc) returned 1 [0161.199] GetLastError () returned 0x0 [0161.200] CloseHandle (hObject=0x3d0) returned 1 [0161.200] GetLastError () returned 0x0 [0161.200] CloseHandle (hObject=0x398) returned 1 [0161.200] GetLastError () returned 0x0 [0161.200] CloseHandle (hObject=0x394) returned 1 [0161.200] GetLastError () returned 0x0 [0161.200] CloseHandle (hObject=0x390) returned 1 [0161.200] GetLastError () returned 0x0 [0161.201] CloseHandle (hObject=0x38c) returned 1 [0161.201] GetLastError () returned 0x0 [0161.201] CloseHandle (hObject=0x388) returned 1 [0161.201] GetLastError () returned 0x0 [0161.201] CloseHandle (hObject=0x384) returned 1 [0161.201] GetLastError () returned 0x0 [0161.201] CloseHandle (hObject=0xf) returned 1 [0161.202] GetLastError () returned 0x0 [0161.202] CloseHandle (hObject=0x7f) returned 1 [0161.202] GetLastError () returned 0x0 [0161.203] CloseHandle (hObject=0x7b) returned 1 [0161.203] GetLastError () returned 0x0 [0161.203] CloseHandle (hObject=0x77) returned 1 [0161.204] GetLastError () returned 0x0 [0161.204] CloseHandle (hObject=0x73) returned 1 [0161.204] GetLastError () returned 0x0 [0161.205] CloseHandle (hObject=0x6f) returned 1 [0161.205] GetLastError () returned 0x0 [0161.205] CloseHandle (hObject=0x6b) returned 1 [0161.206] GetLastError () returned 0x0 [0161.206] CloseHandle (hObject=0x340) returned 1 [0161.206] GetLastError () returned 0x0 [0161.206] UnmapViewOfFile (lpBaseAddress=0x2860000) returned 1 [0161.207] CloseHandle (hObject=0x354) returned 1 [0161.207] GetLastError () returned 0x0 [0161.207] RegCloseKey (hKey=0x80000004) returned 0x0 [0161.208] CloseHandle (hObject=0x30c) returned 1 [0161.208] GetLastError () returned 0x0 [0161.208] CloseHandle (hObject=0x67) returned 1 [0161.208] GetLastError () returned 0x0 [0161.209] CloseHandle (hObject=0x63) returned 1 [0161.209] GetLastError () returned 0x0 Thread: id = 284 os_tid = 0x1e4 [0159.304] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0159.333] SetThreadUILanguage (LangId=0x0) returned 0x409 [0159.343] VirtualQuery (in: lpAddress=0x5ece1d0, lpBuffer=0x5ecf1d0, dwLength=0x1c | out: lpBuffer=0x5ecf1d0*(BaseAddress=0x5ece000, AllocationBase=0x5540000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.347] GetLastError () returned 0xcb [0159.351] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.351] GetLastError () returned 0xcb [0159.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.353] GetLastError () returned 0xcb [0159.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.370] GetLastError () returned 0xcb [0159.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.372] GetLastError () returned 0xcb [0159.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.374] GetLastError () returned 0xcb [0159.386] VirtualQuery (in: lpAddress=0x5ece2ec, lpBuffer=0x5ecf2ec, dwLength=0x1c | out: lpBuffer=0x5ecf2ec*(BaseAddress=0x5ece000, AllocationBase=0x5540000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.387] GetLastError () returned 0xcb [0159.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.389] GetLastError () returned 0xcb [0159.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.389] GetLastError () returned 0xcb [0159.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.398] GetLastError () returned 0xcb [0159.419] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.419] GetLastError () returned 0xcb [0159.458] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.458] GetLastError () returned 0xcb [0159.460] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.460] GetLastError () returned 0xcb [0159.461] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.461] GetLastError () returned 0xcb [0159.462] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.462] GetLastError () returned 0xcb [0159.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.464] GetLastError () returned 0xcb [0159.465] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.465] GetLastError () returned 0xcb [0159.466] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.466] GetLastError () returned 0xcb [0159.507] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x7428f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.507] GetLastError () returned 0xcb [0159.570] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0159.570] GetLastError () returned 0xcb [0159.575] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0159.575] GetLastError () returned 0xcb [0159.586] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7809c8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0159.586] GetLastError () returned 0xcb [0159.598] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.598] GetLastError () returned 0xcb [0159.599] SetErrorMode (uMode=0x1) returned 0x1 [0159.604] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.ps1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.604] GetLastError () returned 0x2 [0159.604] SetErrorMode (uMode=0x1) returned 0x1 [0159.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.607] GetLastError () returned 0x2 [0159.607] SetErrorMode (uMode=0x1) returned 0x1 [0159.607] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psm1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.607] GetLastError () returned 0x2 [0159.607] SetErrorMode (uMode=0x1) returned 0x1 [0159.607] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.607] GetLastError () returned 0x2 [0159.607] SetErrorMode (uMode=0x1) returned 0x1 [0159.607] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psd1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.607] GetLastError () returned 0x2 [0159.607] SetErrorMode (uMode=0x1) returned 0x1 [0159.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.608] GetLastError () returned 0x2 [0159.608] SetErrorMode (uMode=0x1) returned 0x1 [0159.608] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.COM", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.608] GetLastError () returned 0x2 [0159.608] SetErrorMode (uMode=0x1) returned 0x1 [0159.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.608] GetLastError () returned 0x2 [0159.608] SetErrorMode (uMode=0x1) returned 0x1 [0159.608] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.EXE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.608] GetLastError () returned 0x2 [0159.608] SetErrorMode (uMode=0x1) returned 0x1 [0159.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.609] GetLastError () returned 0x2 [0159.609] SetErrorMode (uMode=0x1) returned 0x1 [0159.609] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.BAT", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.609] GetLastError () returned 0x2 [0159.609] SetErrorMode (uMode=0x1) returned 0x1 [0159.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.609] GetLastError () returned 0x2 [0159.609] SetErrorMode (uMode=0x1) returned 0x1 [0159.609] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.CMD", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.609] GetLastError () returned 0x2 [0159.609] SetErrorMode (uMode=0x1) returned 0x1 [0159.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.610] GetLastError () returned 0x2 [0159.610] SetErrorMode (uMode=0x1) returned 0x1 [0159.610] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.610] GetLastError () returned 0x2 [0159.610] SetErrorMode (uMode=0x1) returned 0x1 [0159.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.610] GetLastError () returned 0x2 [0159.610] SetErrorMode (uMode=0x1) returned 0x1 [0159.610] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.610] GetLastError () returned 0x2 [0159.610] SetErrorMode (uMode=0x1) returned 0x1 [0159.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.610] GetLastError () returned 0x2 [0159.610] SetErrorMode (uMode=0x1) returned 0x1 [0159.611] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.611] GetLastError () returned 0x2 [0159.611] SetErrorMode (uMode=0x1) returned 0x1 [0159.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.611] GetLastError () returned 0x2 [0159.611] SetErrorMode (uMode=0x1) returned 0x1 [0159.611] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JSE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.611] GetLastError () returned 0x2 [0159.611] SetErrorMode (uMode=0x1) returned 0x1 [0159.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.611] GetLastError () returned 0x2 [0159.611] SetErrorMode (uMode=0x1) returned 0x1 [0159.612] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSF", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.612] GetLastError () returned 0x2 [0159.612] SetErrorMode (uMode=0x1) returned 0x1 [0159.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.612] GetLastError () returned 0x2 [0159.612] SetErrorMode (uMode=0x1) returned 0x1 [0159.612] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSH", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.612] GetLastError () returned 0x2 [0159.612] SetErrorMode (uMode=0x1) returned 0x1 [0159.612] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.612] GetLastError () returned 0x2 [0159.612] SetErrorMode (uMode=0x1) returned 0x1 [0159.613] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.MSC", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.613] GetLastError () returned 0x2 [0159.613] SetErrorMode (uMode=0x1) returned 0x1 [0159.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0159.613] GetLastError () returned 0x2 [0159.613] SetErrorMode (uMode=0x1) returned 0x1 [0159.613] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.613] GetLastError () returned 0x2 [0159.613] SetErrorMode (uMode=0x1) returned 0x1 [0159.616] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.616] GetLastError () returned 0x2 [0159.616] SetErrorMode (uMode=0x1) returned 0x1 [0159.616] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.ps1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.616] GetLastError () returned 0x2 [0159.616] SetErrorMode (uMode=0x1) returned 0x1 [0159.616] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.616] GetLastError () returned 0x2 [0159.616] SetErrorMode (uMode=0x1) returned 0x1 [0159.616] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psm1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.617] GetLastError () returned 0x2 [0159.617] SetErrorMode (uMode=0x1) returned 0x1 [0159.617] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.617] GetLastError () returned 0x2 [0159.617] SetErrorMode (uMode=0x1) returned 0x1 [0159.617] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psd1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.617] GetLastError () returned 0x2 [0159.617] SetErrorMode (uMode=0x1) returned 0x1 [0159.617] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.617] GetLastError () returned 0x2 [0159.617] SetErrorMode (uMode=0x1) returned 0x1 [0159.617] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.COM", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.618] GetLastError () returned 0x2 [0159.618] SetErrorMode (uMode=0x1) returned 0x1 [0159.618] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.618] GetLastError () returned 0x2 [0159.618] SetErrorMode (uMode=0x1) returned 0x1 [0159.618] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.EXE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.618] GetLastError () returned 0x2 [0159.618] SetErrorMode (uMode=0x1) returned 0x1 [0159.618] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.618] GetLastError () returned 0x2 [0159.649] SetErrorMode (uMode=0x1) returned 0x1 [0159.649] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.BAT", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.649] GetLastError () returned 0x2 [0159.649] SetErrorMode (uMode=0x1) returned 0x1 [0159.650] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.650] GetLastError () returned 0x2 [0159.650] SetErrorMode (uMode=0x1) returned 0x1 [0159.650] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.CMD", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.650] GetLastError () returned 0x2 [0159.650] SetErrorMode (uMode=0x1) returned 0x1 [0159.650] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.650] GetLastError () returned 0x2 [0159.650] SetErrorMode (uMode=0x1) returned 0x1 [0159.650] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.650] GetLastError () returned 0x2 [0159.650] SetErrorMode (uMode=0x1) returned 0x1 [0159.651] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.651] GetLastError () returned 0x2 [0159.651] SetErrorMode (uMode=0x1) returned 0x1 [0159.651] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.651] GetLastError () returned 0x2 [0159.651] SetErrorMode (uMode=0x1) returned 0x1 [0159.651] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.651] GetLastError () returned 0x2 [0159.651] SetErrorMode (uMode=0x1) returned 0x1 [0159.651] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.651] GetLastError () returned 0x2 [0159.651] SetErrorMode (uMode=0x1) returned 0x1 [0159.651] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.651] GetLastError () returned 0x2 [0159.652] SetErrorMode (uMode=0x1) returned 0x1 [0159.652] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JSE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.652] GetLastError () returned 0x2 [0159.652] SetErrorMode (uMode=0x1) returned 0x1 [0159.652] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.652] GetLastError () returned 0x2 [0159.652] SetErrorMode (uMode=0x1) returned 0x1 [0159.652] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSF", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.652] GetLastError () returned 0x2 [0159.652] SetErrorMode (uMode=0x1) returned 0x1 [0159.652] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.652] GetLastError () returned 0x2 [0159.652] SetErrorMode (uMode=0x1) returned 0x1 [0159.653] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSH", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.653] GetLastError () returned 0x2 [0159.653] SetErrorMode (uMode=0x1) returned 0x1 [0159.653] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.653] GetLastError () returned 0x2 [0159.653] SetErrorMode (uMode=0x1) returned 0x1 [0159.653] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.MSC", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.653] GetLastError () returned 0x2 [0159.653] SetErrorMode (uMode=0x1) returned 0x1 [0159.653] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0159.653] GetLastError () returned 0x2 [0159.653] SetErrorMode (uMode=0x1) returned 0x1 [0159.654] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.654] GetLastError () returned 0x2 [0159.654] SetErrorMode (uMode=0x1) returned 0x1 [0159.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.654] GetLastError () returned 0x2 [0159.654] SetErrorMode (uMode=0x1) returned 0x1 [0159.654] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.ps1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.654] GetLastError () returned 0x2 [0159.654] SetErrorMode (uMode=0x1) returned 0x1 [0159.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.654] GetLastError () returned 0x2 [0159.654] SetErrorMode (uMode=0x1) returned 0x1 [0159.655] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psm1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.655] GetLastError () returned 0x2 [0159.655] SetErrorMode (uMode=0x1) returned 0x1 [0159.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.655] GetLastError () returned 0x2 [0159.655] SetErrorMode (uMode=0x1) returned 0x1 [0159.655] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psd1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.655] GetLastError () returned 0x2 [0159.655] SetErrorMode (uMode=0x1) returned 0x1 [0159.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.655] GetLastError () returned 0x2 [0159.655] SetErrorMode (uMode=0x1) returned 0x1 [0159.656] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.COM", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.656] GetLastError () returned 0x2 [0159.656] SetErrorMode (uMode=0x1) returned 0x1 [0159.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.656] GetLastError () returned 0x2 [0159.656] SetErrorMode (uMode=0x1) returned 0x1 [0159.656] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.EXE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.656] GetLastError () returned 0x2 [0159.656] SetErrorMode (uMode=0x1) returned 0x1 [0159.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.656] GetLastError () returned 0x2 [0159.656] SetErrorMode (uMode=0x1) returned 0x1 [0159.657] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.BAT", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.657] GetLastError () returned 0x2 [0159.657] SetErrorMode (uMode=0x1) returned 0x1 [0159.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.657] GetLastError () returned 0x2 [0159.657] SetErrorMode (uMode=0x1) returned 0x1 [0159.657] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.CMD", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.657] GetLastError () returned 0x2 [0159.657] SetErrorMode (uMode=0x1) returned 0x1 [0159.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.657] GetLastError () returned 0x2 [0159.657] SetErrorMode (uMode=0x1) returned 0x1 [0159.658] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.658] GetLastError () returned 0x2 [0159.658] SetErrorMode (uMode=0x1) returned 0x1 [0159.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.658] GetLastError () returned 0x2 [0159.658] SetErrorMode (uMode=0x1) returned 0x1 [0159.658] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.658] GetLastError () returned 0x2 [0159.658] SetErrorMode (uMode=0x1) returned 0x1 [0159.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.658] GetLastError () returned 0x2 [0159.658] SetErrorMode (uMode=0x1) returned 0x1 [0159.659] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.659] GetLastError () returned 0x2 [0159.659] SetErrorMode (uMode=0x1) returned 0x1 [0159.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.659] GetLastError () returned 0x2 [0159.659] SetErrorMode (uMode=0x1) returned 0x1 [0159.659] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JSE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.659] GetLastError () returned 0x2 [0159.659] SetErrorMode (uMode=0x1) returned 0x1 [0159.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.659] GetLastError () returned 0x2 [0159.659] SetErrorMode (uMode=0x1) returned 0x1 [0159.659] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSF", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.660] GetLastError () returned 0x2 [0159.660] SetErrorMode (uMode=0x1) returned 0x1 [0159.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.660] GetLastError () returned 0x2 [0159.660] SetErrorMode (uMode=0x1) returned 0x1 [0159.660] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSH", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.660] GetLastError () returned 0x2 [0159.660] SetErrorMode (uMode=0x1) returned 0x1 [0159.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.660] GetLastError () returned 0x2 [0159.660] SetErrorMode (uMode=0x1) returned 0x1 [0159.660] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.MSC", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.661] GetLastError () returned 0x2 [0159.661] SetErrorMode (uMode=0x1) returned 0x1 [0159.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0159.661] GetLastError () returned 0x2 [0159.661] SetErrorMode (uMode=0x1) returned 0x1 [0159.661] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.661] GetLastError () returned 0x2 [0159.661] SetErrorMode (uMode=0x1) returned 0x1 [0159.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.661] GetLastError () returned 0x2 [0159.661] SetErrorMode (uMode=0x1) returned 0x1 [0159.661] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.ps1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.662] GetLastError () returned 0x2 [0159.662] SetErrorMode (uMode=0x1) returned 0x1 [0159.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.662] GetLastError () returned 0x2 [0159.662] SetErrorMode (uMode=0x1) returned 0x1 [0159.662] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psm1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.662] GetLastError () returned 0x2 [0159.662] SetErrorMode (uMode=0x1) returned 0x1 [0159.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.662] GetLastError () returned 0x2 [0159.662] SetErrorMode (uMode=0x1) returned 0x1 [0159.663] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psd1", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.663] GetLastError () returned 0x2 [0159.663] SetErrorMode (uMode=0x1) returned 0x1 [0159.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.663] GetLastError () returned 0x2 [0159.663] SetErrorMode (uMode=0x1) returned 0x1 [0159.663] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.COM", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.663] GetLastError () returned 0x2 [0159.663] SetErrorMode (uMode=0x1) returned 0x1 [0159.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.663] GetLastError () returned 0x2 [0159.663] SetErrorMode (uMode=0x1) returned 0x1 [0159.663] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.EXE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.664] GetLastError () returned 0x2 [0159.664] SetErrorMode (uMode=0x1) returned 0x1 [0159.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.664] GetLastError () returned 0x2 [0159.664] SetErrorMode (uMode=0x1) returned 0x1 [0159.664] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.BAT", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.664] GetLastError () returned 0x2 [0159.664] SetErrorMode (uMode=0x1) returned 0x1 [0159.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.664] GetLastError () returned 0x2 [0159.664] SetErrorMode (uMode=0x1) returned 0x1 [0159.664] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.CMD", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.665] GetLastError () returned 0x2 [0159.665] SetErrorMode (uMode=0x1) returned 0x1 [0159.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.665] GetLastError () returned 0x2 [0159.665] SetErrorMode (uMode=0x1) returned 0x1 [0159.665] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.665] GetLastError () returned 0x2 [0159.665] SetErrorMode (uMode=0x1) returned 0x1 [0159.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.665] GetLastError () returned 0x2 [0159.665] SetErrorMode (uMode=0x1) returned 0x1 [0159.665] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.666] GetLastError () returned 0x2 [0159.666] SetErrorMode (uMode=0x1) returned 0x1 [0159.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.666] GetLastError () returned 0x2 [0159.666] SetErrorMode (uMode=0x1) returned 0x1 [0159.666] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JS", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.666] GetLastError () returned 0x2 [0159.666] SetErrorMode (uMode=0x1) returned 0x1 [0159.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.666] GetLastError () returned 0x2 [0159.666] SetErrorMode (uMode=0x1) returned 0x1 [0159.666] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JSE", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.667] GetLastError () returned 0x2 [0159.667] SetErrorMode (uMode=0x1) returned 0x1 [0159.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.667] GetLastError () returned 0x2 [0159.667] SetErrorMode (uMode=0x1) returned 0x1 [0159.667] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSF", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.667] GetLastError () returned 0x2 [0159.667] SetErrorMode (uMode=0x1) returned 0x1 [0159.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.667] GetLastError () returned 0x2 [0159.667] SetErrorMode (uMode=0x1) returned 0x1 [0159.667] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSH", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.668] GetLastError () returned 0x2 [0159.668] SetErrorMode (uMode=0x1) returned 0x1 [0159.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.668] GetLastError () returned 0x2 [0159.668] SetErrorMode (uMode=0x1) returned 0x1 [0159.668] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.MSC", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.668] GetLastError () returned 0x2 [0159.668] SetErrorMode (uMode=0x1) returned 0x1 [0159.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5ece930, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0159.668] GetLastError () returned 0x2 [0159.668] SetErrorMode (uMode=0x1) returned 0x1 [0159.668] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference", lpFindFileData=0x7809c8 | out: lpFindFileData=0x7809c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0159.669] GetLastError () returned 0x2 [0159.669] SetErrorMode (uMode=0x1) returned 0x1 [0159.673] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.673] GetLastError () returned 0xcb [0159.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ece9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.674] GetLastError () returned 0x2 [0159.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ece96c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.674] GetLastError () returned 0x2 [0159.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ece96c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.674] GetLastError () returned 0x2 [0159.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ece96c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.674] GetLastError () returned 0x2 [0159.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.727] GetLastError () returned 0xcb [0160.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.055] GetLastError () returned 0xcb [0160.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.059] GetLastError () returned 0xcb [0160.122] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.122] GetLastError () returned 0xcb [0160.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.127] GetLastError () returned 0xcb [0160.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.129] GetLastError () returned 0xcb [0160.146] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.146] GetLastError () returned 0xcb [0160.229] VirtualQuery (in: lpAddress=0x5ecd9bc, lpBuffer=0x5ece9bc, dwLength=0x1c | out: lpBuffer=0x5ece9bc*(BaseAddress=0x5ecd000, AllocationBase=0x5540000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.246] GetLastError () returned 0xcb [0160.306] VirtualQuery (in: lpAddress=0x5ecd9bc, lpBuffer=0x5ece9bc, dwLength=0x1c | out: lpBuffer=0x5ece9bc*(BaseAddress=0x5ecd000, AllocationBase=0x5540000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ecdff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.312] GetLastError () returned 0xcb [0160.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ecdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.312] GetLastError () returned 0xcb [0160.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ecdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.312] GetLastError () returned 0xcb [0160.312] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ecdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.313] GetLastError () returned 0xcb [0160.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ecdff0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.338] GetLastError () returned 0xcb [0160.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ecdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.338] GetLastError () returned 0xcb [0160.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ecdfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.338] GetLastError () returned 0xcb [0160.377] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0160.377] GetLastError () returned 0xcb [0160.377] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5ece500 | out: lpConsoleScreenBufferInfo=0x5ece500) returned 1 [0160.377] GetLastError () returned 0xcb [0160.386] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.386] GetLastError () returned 0xcb [0160.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ece000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.389] GetLastError () returned 0xcb [0160.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ece000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.389] GetLastError () returned 0xcb [0160.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5ece000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0160.389] GetLastError () returned 0xcb [0160.488] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x742948, nSize=0x80 | out: lpBuffer="") returned 0x0 [0160.488] GetLastError () returned 0xcb [0160.535] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0160.535] GetLastError () returned 0xcb [0160.535] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5ecec14 | out: lpConsoleScreenBufferInfo=0x5ecec14) returned 1 [0160.536] GetLastError () returned 0xcb [0160.539] GetConsoleOutputCP () returned 0x1b5 [0160.541] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.542] GetLastError () returned 0xcb [0160.542] GetConsoleOutputCP () returned 0x1b5 [0160.542] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.542] GetLastError () returned 0xcb [0160.542] GetConsoleOutputCP () returned 0x1b5 [0160.542] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.542] GetLastError () returned 0xcb [0160.542] GetConsoleOutputCP () returned 0x1b5 [0160.542] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.543] GetLastError () returned 0xcb [0160.543] GetConsoleOutputCP () returned 0x1b5 [0160.543] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.543] GetLastError () returned 0xcb [0160.543] GetConsoleOutputCP () returned 0x1b5 [0160.543] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.543] GetLastError () returned 0xcb [0160.543] GetConsoleOutputCP () returned 0x1b5 [0160.543] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.543] GetLastError () returned 0xcb [0160.543] GetConsoleOutputCP () returned 0x1b5 [0160.543] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.543] GetLastError () returned 0xcb [0160.543] GetConsoleOutputCP () returned 0x1b5 [0160.543] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.544] GetLastError () returned 0xcb [0160.544] GetConsoleOutputCP () returned 0x1b5 [0160.544] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.544] GetLastError () returned 0xcb [0160.544] GetConsoleOutputCP () returned 0x1b5 [0160.544] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.544] GetLastError () returned 0xcb [0160.544] GetConsoleOutputCP () returned 0x1b5 [0160.544] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.544] GetLastError () returned 0xcb [0160.544] GetConsoleOutputCP () returned 0x1b5 [0160.544] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.544] GetLastError () returned 0xcb [0160.544] GetConsoleOutputCP () returned 0x1b5 [0160.544] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.545] GetLastError () returned 0xcb [0160.545] GetConsoleOutputCP () returned 0x1b5 [0160.545] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.545] GetLastError () returned 0xcb [0160.545] GetConsoleOutputCP () returned 0x1b5 [0160.545] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.545] GetLastError () returned 0xcb [0160.545] GetConsoleOutputCP () returned 0x1b5 [0160.545] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.545] GetLastError () returned 0xcb [0160.545] GetConsoleOutputCP () returned 0x1b5 [0160.545] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.545] GetLastError () returned 0xcb [0160.545] GetConsoleOutputCP () returned 0x1b5 [0160.545] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.545] GetLastError () returned 0xcb [0160.546] GetConsoleOutputCP () returned 0x1b5 [0160.546] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.546] GetLastError () returned 0xcb [0160.546] GetConsoleOutputCP () returned 0x1b5 [0160.546] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.546] GetLastError () returned 0xcb [0160.546] GetConsoleOutputCP () returned 0x1b5 [0160.546] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.546] GetLastError () returned 0xcb [0160.546] GetConsoleOutputCP () returned 0x1b5 [0160.546] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.546] GetLastError () returned 0xcb [0160.546] GetConsoleOutputCP () returned 0x1b5 [0160.547] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.547] GetLastError () returned 0xcb [0160.547] GetConsoleOutputCP () returned 0x1b5 [0160.547] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.547] GetLastError () returned 0xcb [0160.547] GetConsoleOutputCP () returned 0x1b5 [0160.547] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.547] GetLastError () returned 0xcb [0160.547] GetConsoleOutputCP () returned 0x1b5 [0160.547] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.547] GetLastError () returned 0xcb [0160.547] GetConsoleOutputCP () returned 0x1b5 [0160.547] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.547] GetLastError () returned 0xcb [0160.547] GetConsoleOutputCP () returned 0x1b5 [0160.548] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.548] GetLastError () returned 0xcb [0160.548] GetConsoleOutputCP () returned 0x1b5 [0160.548] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.548] GetLastError () returned 0xcb [0160.548] GetConsoleOutputCP () returned 0x1b5 [0160.548] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.548] GetLastError () returned 0xcb [0160.548] GetConsoleOutputCP () returned 0x1b5 [0160.548] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.548] GetLastError () returned 0xcb [0160.548] GetConsoleOutputCP () returned 0x1b5 [0160.549] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.549] GetLastError () returned 0xcb [0160.549] GetConsoleOutputCP () returned 0x1b5 [0160.549] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.549] GetLastError () returned 0xcb [0160.549] GetConsoleOutputCP () returned 0x1b5 [0160.549] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.549] GetLastError () returned 0xcb [0160.549] GetConsoleOutputCP () returned 0x1b5 [0160.549] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.549] GetLastError () returned 0xcb [0160.549] GetConsoleOutputCP () returned 0x1b5 [0160.549] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.549] GetLastError () returned 0xcb [0160.549] GetConsoleOutputCP () returned 0x1b5 [0160.550] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.550] GetLastError () returned 0xcb [0160.550] GetConsoleOutputCP () returned 0x1b5 [0160.550] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.550] GetLastError () returned 0xcb [0160.550] GetConsoleOutputCP () returned 0x1b5 [0160.550] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.550] GetLastError () returned 0xcb [0160.550] GetConsoleOutputCP () returned 0x1b5 [0160.550] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.550] GetLastError () returned 0xcb [0160.550] GetConsoleOutputCP () returned 0x1b5 [0160.550] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.550] GetLastError () returned 0xcb [0160.550] GetConsoleOutputCP () returned 0x1b5 [0160.551] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.551] GetLastError () returned 0xcb [0160.551] GetConsoleOutputCP () returned 0x1b5 [0160.551] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.551] GetLastError () returned 0xcb [0160.551] GetConsoleOutputCP () returned 0x1b5 [0160.551] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.551] GetLastError () returned 0xcb [0160.551] GetConsoleOutputCP () returned 0x1b5 [0160.551] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.551] GetLastError () returned 0xcb [0160.551] GetConsoleOutputCP () returned 0x1b5 [0160.551] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.551] GetLastError () returned 0xcb [0160.551] GetConsoleOutputCP () returned 0x1b5 [0160.551] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.552] GetLastError () returned 0xcb [0160.552] GetConsoleOutputCP () returned 0x1b5 [0160.552] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.552] GetLastError () returned 0xcb [0160.552] GetConsoleOutputCP () returned 0x1b5 [0160.552] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.552] GetLastError () returned 0xcb [0160.552] GetConsoleOutputCP () returned 0x1b5 [0160.552] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.552] GetLastError () returned 0xcb [0160.552] GetConsoleOutputCP () returned 0x1b5 [0160.552] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.552] GetLastError () returned 0xcb [0160.552] GetConsoleOutputCP () returned 0x1b5 [0160.552] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.552] GetLastError () returned 0xcb [0160.552] GetConsoleOutputCP () returned 0x1b5 [0160.553] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.553] GetLastError () returned 0xcb [0160.553] GetConsoleOutputCP () returned 0x1b5 [0160.553] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.553] GetLastError () returned 0xcb [0160.553] GetConsoleOutputCP () returned 0x1b5 [0160.553] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.553] GetLastError () returned 0xcb [0160.553] GetConsoleOutputCP () returned 0x1b5 [0160.553] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.553] GetLastError () returned 0xcb [0160.553] GetConsoleOutputCP () returned 0x1b5 [0160.553] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.553] GetLastError () returned 0xcb [0160.553] GetConsoleOutputCP () returned 0x1b5 [0160.554] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.554] GetLastError () returned 0xcb [0160.554] GetConsoleOutputCP () returned 0x1b5 [0160.554] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.554] GetLastError () returned 0xcb [0160.554] GetConsoleOutputCP () returned 0x1b5 [0160.554] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.554] GetLastError () returned 0xcb [0160.554] GetConsoleOutputCP () returned 0x1b5 [0160.554] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.554] GetLastError () returned 0xcb [0160.554] GetConsoleOutputCP () returned 0x1b5 [0160.554] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.554] GetLastError () returned 0xcb [0160.554] GetConsoleOutputCP () returned 0x1b5 [0160.554] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.554] GetLastError () returned 0xcb [0160.555] GetConsoleOutputCP () returned 0x1b5 [0160.555] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.555] GetLastError () returned 0xcb [0160.555] GetConsoleOutputCP () returned 0x1b5 [0160.555] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.555] GetLastError () returned 0xcb [0160.555] GetConsoleOutputCP () returned 0x1b5 [0160.555] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.555] GetLastError () returned 0xcb [0160.555] GetConsoleOutputCP () returned 0x1b5 [0160.555] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.555] GetLastError () returned 0xcb [0160.555] GetConsoleOutputCP () returned 0x1b5 [0160.555] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.555] GetLastError () returned 0xcb [0160.555] GetConsoleOutputCP () returned 0x1b5 [0160.556] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.556] GetLastError () returned 0xcb [0160.556] GetConsoleOutputCP () returned 0x1b5 [0160.556] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.556] GetLastError () returned 0xcb [0160.556] GetConsoleOutputCP () returned 0x1b5 [0160.556] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.556] GetLastError () returned 0xcb [0160.556] GetConsoleOutputCP () returned 0x1b5 [0160.556] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.556] GetLastError () returned 0xcb [0160.556] GetConsoleOutputCP () returned 0x1b5 [0160.556] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.556] GetLastError () returned 0xcb [0160.556] GetConsoleOutputCP () returned 0x1b5 [0160.557] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.557] GetLastError () returned 0xcb [0160.557] GetConsoleOutputCP () returned 0x1b5 [0160.557] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.557] GetLastError () returned 0xcb [0160.557] GetConsoleOutputCP () returned 0x1b5 [0160.557] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.557] GetLastError () returned 0xcb [0160.557] GetConsoleOutputCP () returned 0x1b5 [0160.557] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.557] GetLastError () returned 0xcb [0160.557] GetConsoleOutputCP () returned 0x1b5 [0160.557] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.557] GetLastError () returned 0xcb [0160.557] GetConsoleOutputCP () returned 0x1b5 [0160.557] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.557] GetLastError () returned 0xcb [0160.557] GetConsoleOutputCP () returned 0x1b5 [0160.558] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.558] GetLastError () returned 0xcb [0160.558] GetConsoleOutputCP () returned 0x1b5 [0160.558] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.558] GetLastError () returned 0xcb [0160.558] GetConsoleOutputCP () returned 0x1b5 [0160.558] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.558] GetLastError () returned 0xcb [0160.558] GetConsoleOutputCP () returned 0x1b5 [0160.558] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.558] GetLastError () returned 0xcb [0160.558] GetConsoleOutputCP () returned 0x1b5 [0160.558] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.558] GetLastError () returned 0xcb [0160.558] GetConsoleOutputCP () returned 0x1b5 [0160.559] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.559] GetLastError () returned 0xcb [0160.559] GetConsoleOutputCP () returned 0x1b5 [0160.559] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.559] GetLastError () returned 0xcb [0160.559] GetConsoleOutputCP () returned 0x1b5 [0160.559] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.559] GetLastError () returned 0xcb [0160.559] GetConsoleOutputCP () returned 0x1b5 [0160.559] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.559] GetLastError () returned 0xcb [0160.559] GetConsoleOutputCP () returned 0x1b5 [0160.559] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.559] GetLastError () returned 0xcb [0160.559] GetConsoleOutputCP () returned 0x1b5 [0160.559] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.560] GetLastError () returned 0xcb [0160.560] GetConsoleOutputCP () returned 0x1b5 [0160.560] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.560] GetLastError () returned 0xcb [0160.560] GetConsoleOutputCP () returned 0x1b5 [0160.560] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.560] GetLastError () returned 0xcb [0160.560] GetConsoleOutputCP () returned 0x1b5 [0160.560] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.560] GetLastError () returned 0xcb [0160.560] GetConsoleOutputCP () returned 0x1b5 [0160.560] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.560] GetLastError () returned 0xcb [0160.560] GetConsoleOutputCP () returned 0x1b5 [0160.560] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.560] GetLastError () returned 0xcb [0160.560] GetConsoleOutputCP () returned 0x1b5 [0160.561] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.561] GetLastError () returned 0xcb [0160.561] GetConsoleOutputCP () returned 0x1b5 [0160.561] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.561] GetLastError () returned 0xcb [0160.561] GetConsoleOutputCP () returned 0x1b5 [0160.561] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.561] GetLastError () returned 0xcb [0160.561] GetConsoleOutputCP () returned 0x1b5 [0160.561] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.561] GetLastError () returned 0xcb [0160.561] GetConsoleOutputCP () returned 0x1b5 [0160.561] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.561] GetLastError () returned 0xcb [0160.561] GetConsoleOutputCP () returned 0x1b5 [0160.562] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.562] GetLastError () returned 0xcb [0160.562] GetConsoleOutputCP () returned 0x1b5 [0160.562] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.562] GetLastError () returned 0xcb [0160.562] GetConsoleOutputCP () returned 0x1b5 [0160.562] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.562] GetLastError () returned 0xcb [0160.562] GetConsoleOutputCP () returned 0x1b5 [0160.562] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.562] GetLastError () returned 0xcb [0160.562] GetConsoleOutputCP () returned 0x1b5 [0160.562] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.562] GetLastError () returned 0xcb [0160.562] GetConsoleOutputCP () returned 0x1b5 [0160.562] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.562] GetLastError () returned 0xcb [0160.563] GetConsoleOutputCP () returned 0x1b5 [0160.563] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.563] GetLastError () returned 0xcb [0160.563] GetConsoleOutputCP () returned 0x1b5 [0160.563] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.563] GetLastError () returned 0xcb [0160.563] GetConsoleOutputCP () returned 0x1b5 [0160.563] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.563] GetLastError () returned 0xcb [0160.563] GetConsoleOutputCP () returned 0x1b5 [0160.563] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.563] GetLastError () returned 0xcb [0160.563] GetConsoleOutputCP () returned 0x1b5 [0160.563] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.563] GetLastError () returned 0xcb [0160.563] GetConsoleOutputCP () returned 0x1b5 [0160.564] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.564] GetLastError () returned 0xcb [0160.564] GetConsoleOutputCP () returned 0x1b5 [0160.564] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.564] GetLastError () returned 0xcb [0160.564] GetConsoleOutputCP () returned 0x1b5 [0160.564] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.564] GetLastError () returned 0xcb [0160.564] GetConsoleOutputCP () returned 0x1b5 [0160.564] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.564] GetLastError () returned 0xcb [0160.564] GetConsoleOutputCP () returned 0x1b5 [0160.564] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.564] GetLastError () returned 0xcb [0160.564] GetConsoleOutputCP () returned 0x1b5 [0160.564] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.565] GetLastError () returned 0xcb [0160.565] GetConsoleOutputCP () returned 0x1b5 [0160.565] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.565] GetLastError () returned 0xcb [0160.565] GetConsoleOutputCP () returned 0x1b5 [0160.565] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.565] GetLastError () returned 0xcb [0160.565] GetConsoleOutputCP () returned 0x1b5 [0160.565] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.565] GetLastError () returned 0xcb [0160.565] GetConsoleOutputCP () returned 0x1b5 [0160.565] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.565] GetLastError () returned 0xcb [0160.565] GetConsoleOutputCP () returned 0x1b5 [0160.565] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.565] GetLastError () returned 0xcb [0160.565] GetConsoleOutputCP () returned 0x1b5 [0160.566] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.566] GetLastError () returned 0xcb [0160.566] GetConsoleOutputCP () returned 0x1b5 [0160.566] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.566] GetLastError () returned 0xcb [0160.566] GetConsoleOutputCP () returned 0x1b5 [0160.566] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.566] GetLastError () returned 0xcb [0160.566] GetConsoleOutputCP () returned 0x1b5 [0160.566] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.566] GetLastError () returned 0xcb [0160.566] GetConsoleOutputCP () returned 0x1b5 [0160.566] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.566] GetLastError () returned 0xcb [0160.566] GetConsoleOutputCP () returned 0x1b5 [0160.567] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.567] GetLastError () returned 0xcb [0160.567] GetConsoleOutputCP () returned 0x1b5 [0160.567] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.567] GetLastError () returned 0xcb [0160.567] GetConsoleOutputCP () returned 0x1b5 [0160.567] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.567] GetLastError () returned 0xcb [0160.567] GetConsoleOutputCP () returned 0x1b5 [0160.567] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.567] GetLastError () returned 0xcb [0160.567] GetConsoleOutputCP () returned 0x1b5 [0160.567] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.567] GetLastError () returned 0xcb [0160.567] GetConsoleOutputCP () returned 0x1b5 [0160.567] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.568] GetLastError () returned 0xcb [0160.568] GetConsoleOutputCP () returned 0x1b5 [0160.568] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.568] GetLastError () returned 0xcb [0160.568] GetConsoleOutputCP () returned 0x1b5 [0160.568] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.568] GetLastError () returned 0xcb [0160.568] GetConsoleOutputCP () returned 0x1b5 [0160.568] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.568] GetLastError () returned 0xcb [0160.568] GetConsoleOutputCP () returned 0x1b5 [0160.568] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.568] GetLastError () returned 0xcb [0160.568] GetConsoleOutputCP () returned 0x1b5 [0160.568] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.568] GetLastError () returned 0xcb [0160.568] GetConsoleOutputCP () returned 0x1b5 [0160.569] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.569] GetLastError () returned 0xcb [0160.569] GetConsoleOutputCP () returned 0x1b5 [0160.569] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.569] GetLastError () returned 0xcb [0160.569] GetConsoleOutputCP () returned 0x1b5 [0160.569] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.569] GetLastError () returned 0xcb [0160.569] GetConsoleOutputCP () returned 0x1b5 [0160.569] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.569] GetLastError () returned 0xcb [0160.569] GetConsoleOutputCP () returned 0x1b5 [0160.569] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.569] GetLastError () returned 0xcb [0160.569] GetConsoleOutputCP () returned 0x1b5 [0160.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.570] GetLastError () returned 0xcb [0160.570] GetConsoleOutputCP () returned 0x1b5 [0160.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.570] GetLastError () returned 0xcb [0160.570] GetConsoleOutputCP () returned 0x1b5 [0160.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.570] GetLastError () returned 0xcb [0160.570] GetConsoleOutputCP () returned 0x1b5 [0160.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.570] GetLastError () returned 0xcb [0160.570] GetConsoleOutputCP () returned 0x1b5 [0160.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.570] GetLastError () returned 0xcb [0160.570] GetConsoleOutputCP () returned 0x1b5 [0160.570] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.570] GetLastError () returned 0xcb [0160.570] GetConsoleOutputCP () returned 0x1b5 [0160.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.571] GetLastError () returned 0xcb [0160.571] GetConsoleOutputCP () returned 0x1b5 [0160.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.571] GetLastError () returned 0xcb [0160.571] GetConsoleOutputCP () returned 0x1b5 [0160.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.571] GetLastError () returned 0xcb [0160.571] GetConsoleOutputCP () returned 0x1b5 [0160.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.571] GetLastError () returned 0xcb [0160.571] GetConsoleOutputCP () returned 0x1b5 [0160.571] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.571] GetLastError () returned 0xcb [0160.571] GetConsoleOutputCP () returned 0x1b5 [0160.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.572] GetLastError () returned 0xcb [0160.572] GetConsoleOutputCP () returned 0x1b5 [0160.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.572] GetLastError () returned 0xcb [0160.572] GetConsoleOutputCP () returned 0x1b5 [0160.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.572] GetLastError () returned 0xcb [0160.572] GetConsoleOutputCP () returned 0x1b5 [0160.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.572] GetLastError () returned 0xcb [0160.572] GetConsoleOutputCP () returned 0x1b5 [0160.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.572] GetLastError () returned 0xcb [0160.572] GetConsoleOutputCP () returned 0x1b5 [0160.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.572] GetLastError () returned 0xcb [0160.573] GetConsoleOutputCP () returned 0x1b5 [0160.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.573] GetLastError () returned 0xcb [0160.573] GetConsoleOutputCP () returned 0x1b5 [0160.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.573] GetLastError () returned 0xcb [0160.573] GetConsoleOutputCP () returned 0x1b5 [0160.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.573] GetLastError () returned 0xcb [0160.573] GetConsoleOutputCP () returned 0x1b5 [0160.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.573] GetLastError () returned 0xcb [0160.573] GetConsoleOutputCP () returned 0x1b5 [0160.573] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.573] GetLastError () returned 0xcb [0160.573] GetConsoleOutputCP () returned 0x1b5 [0160.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.574] GetLastError () returned 0xcb [0160.574] GetConsoleOutputCP () returned 0x1b5 [0160.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.574] GetLastError () returned 0xcb [0160.574] GetConsoleOutputCP () returned 0x1b5 [0160.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.574] GetLastError () returned 0xcb [0160.574] GetConsoleOutputCP () returned 0x1b5 [0160.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.574] GetLastError () returned 0xcb [0160.574] GetConsoleOutputCP () returned 0x1b5 [0160.574] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.574] GetLastError () returned 0xcb [0160.574] GetConsoleOutputCP () returned 0x1b5 [0160.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.575] GetLastError () returned 0xcb [0160.575] GetConsoleOutputCP () returned 0x1b5 [0160.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.575] GetLastError () returned 0xcb [0160.575] GetConsoleOutputCP () returned 0x1b5 [0160.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.575] GetLastError () returned 0xcb [0160.575] GetConsoleOutputCP () returned 0x1b5 [0160.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.575] GetLastError () returned 0xcb [0160.575] GetConsoleOutputCP () returned 0x1b5 [0160.575] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.575] GetLastError () returned 0xcb [0160.575] GetConsoleOutputCP () returned 0x1b5 [0160.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.576] GetLastError () returned 0xcb [0160.576] GetConsoleOutputCP () returned 0x1b5 [0160.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.576] GetLastError () returned 0xcb [0160.576] GetConsoleOutputCP () returned 0x1b5 [0160.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.576] GetLastError () returned 0xcb [0160.576] GetConsoleOutputCP () returned 0x1b5 [0160.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.576] GetLastError () returned 0xcb [0160.576] GetConsoleOutputCP () returned 0x1b5 [0160.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.576] GetLastError () returned 0xcb [0160.576] GetConsoleOutputCP () returned 0x1b5 [0160.576] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.576] GetLastError () returned 0xcb [0160.577] GetConsoleOutputCP () returned 0x1b5 [0160.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.577] GetLastError () returned 0xcb [0160.577] GetConsoleOutputCP () returned 0x1b5 [0160.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.577] GetLastError () returned 0xcb [0160.577] GetConsoleOutputCP () returned 0x1b5 [0160.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.577] GetLastError () returned 0xcb [0160.577] GetConsoleOutputCP () returned 0x1b5 [0160.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.577] GetLastError () returned 0xcb [0160.577] GetConsoleOutputCP () returned 0x1b5 [0160.577] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.577] GetLastError () returned 0xcb [0160.577] GetConsoleOutputCP () returned 0x1b5 [0160.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.578] GetLastError () returned 0xcb [0160.578] GetConsoleOutputCP () returned 0x1b5 [0160.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.578] GetLastError () returned 0xcb [0160.578] GetConsoleOutputCP () returned 0x1b5 [0160.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.578] GetLastError () returned 0xcb [0160.578] GetConsoleOutputCP () returned 0x1b5 [0160.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.578] GetLastError () returned 0xcb [0160.578] GetConsoleOutputCP () returned 0x1b5 [0160.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.578] GetLastError () returned 0xcb [0160.578] GetConsoleOutputCP () returned 0x1b5 [0160.578] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.579] GetLastError () returned 0xcb [0160.579] GetConsoleOutputCP () returned 0x1b5 [0160.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.579] GetLastError () returned 0xcb [0160.579] GetConsoleOutputCP () returned 0x1b5 [0160.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.579] GetLastError () returned 0xcb [0160.579] GetConsoleOutputCP () returned 0x1b5 [0160.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.579] GetLastError () returned 0xcb [0160.579] GetConsoleOutputCP () returned 0x1b5 [0160.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.579] GetLastError () returned 0xcb [0160.579] GetConsoleOutputCP () returned 0x1b5 [0160.579] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.579] GetLastError () returned 0xcb [0160.579] GetConsoleOutputCP () returned 0x1b5 [0160.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.580] GetLastError () returned 0xcb [0160.580] GetConsoleOutputCP () returned 0x1b5 [0160.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.580] GetLastError () returned 0xcb [0160.580] GetConsoleOutputCP () returned 0x1b5 [0160.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.580] GetLastError () returned 0xcb [0160.580] GetConsoleOutputCP () returned 0x1b5 [0160.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.580] GetLastError () returned 0xcb [0160.580] GetConsoleOutputCP () returned 0x1b5 [0160.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.580] GetLastError () returned 0xcb [0160.580] GetConsoleOutputCP () returned 0x1b5 [0160.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.582] GetLastError () returned 0xcb [0160.582] GetConsoleOutputCP () returned 0x1b5 [0160.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.582] GetLastError () returned 0xcb [0160.582] GetConsoleOutputCP () returned 0x1b5 [0160.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.582] GetLastError () returned 0xcb [0160.582] GetConsoleOutputCP () returned 0x1b5 [0160.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.582] GetLastError () returned 0xcb [0160.582] GetConsoleOutputCP () returned 0x1b5 [0160.582] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.582] GetLastError () returned 0xcb [0160.582] GetConsoleOutputCP () returned 0x1b5 [0160.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.583] GetLastError () returned 0xcb [0160.583] GetConsoleOutputCP () returned 0x1b5 [0160.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.583] GetLastError () returned 0xcb [0160.583] GetConsoleOutputCP () returned 0x1b5 [0160.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.583] GetLastError () returned 0xcb [0160.583] GetConsoleOutputCP () returned 0x1b5 [0160.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.583] GetLastError () returned 0xcb [0160.583] GetConsoleOutputCP () returned 0x1b5 [0160.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.583] GetLastError () returned 0xcb [0160.583] GetConsoleOutputCP () returned 0x1b5 [0160.583] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.584] GetLastError () returned 0xcb [0160.584] GetConsoleOutputCP () returned 0x1b5 [0160.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.584] GetLastError () returned 0xcb [0160.584] GetConsoleOutputCP () returned 0x1b5 [0160.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.584] GetLastError () returned 0xcb [0160.584] GetConsoleOutputCP () returned 0x1b5 [0160.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.584] GetLastError () returned 0xcb [0160.584] GetConsoleOutputCP () returned 0x1b5 [0160.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.584] GetLastError () returned 0xcb [0160.584] GetConsoleOutputCP () returned 0x1b5 [0160.584] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.584] GetLastError () returned 0xcb [0160.584] GetConsoleOutputCP () returned 0x1b5 [0160.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.585] GetLastError () returned 0xcb [0160.585] GetConsoleOutputCP () returned 0x1b5 [0160.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.585] GetLastError () returned 0xcb [0160.585] GetConsoleOutputCP () returned 0x1b5 [0160.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.585] GetLastError () returned 0xcb [0160.585] GetConsoleOutputCP () returned 0x1b5 [0160.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.585] GetLastError () returned 0xcb [0160.585] GetConsoleOutputCP () returned 0x1b5 [0160.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.585] GetLastError () returned 0xcb [0160.585] GetConsoleOutputCP () returned 0x1b5 [0160.585] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.586] GetLastError () returned 0xcb [0160.586] GetConsoleOutputCP () returned 0x1b5 [0160.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.586] GetLastError () returned 0xcb [0160.586] GetConsoleOutputCP () returned 0x1b5 [0160.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.586] GetLastError () returned 0xcb [0160.586] GetConsoleOutputCP () returned 0x1b5 [0160.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.586] GetLastError () returned 0xcb [0160.586] GetConsoleOutputCP () returned 0x1b5 [0160.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.586] GetLastError () returned 0xcb [0160.586] GetConsoleOutputCP () returned 0x1b5 [0160.586] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.586] GetLastError () returned 0xcb [0160.586] GetConsoleOutputCP () returned 0x1b5 [0160.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.587] GetLastError () returned 0xcb [0160.587] GetConsoleOutputCP () returned 0x1b5 [0160.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.587] GetLastError () returned 0xcb [0160.587] GetConsoleOutputCP () returned 0x1b5 [0160.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.587] GetLastError () returned 0xcb [0160.587] GetConsoleOutputCP () returned 0x1b5 [0160.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.587] GetLastError () returned 0xcb [0160.587] GetConsoleOutputCP () returned 0x1b5 [0160.587] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.587] GetLastError () returned 0xcb [0160.587] GetConsoleOutputCP () returned 0x1b5 [0160.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.588] GetLastError () returned 0xcb [0160.588] GetConsoleOutputCP () returned 0x1b5 [0160.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.588] GetLastError () returned 0xcb [0160.588] GetConsoleOutputCP () returned 0x1b5 [0160.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.588] GetLastError () returned 0xcb [0160.588] GetConsoleOutputCP () returned 0x1b5 [0160.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.588] GetLastError () returned 0xcb [0160.588] GetConsoleOutputCP () returned 0x1b5 [0160.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.588] GetLastError () returned 0xcb [0160.588] GetConsoleOutputCP () returned 0x1b5 [0160.588] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.588] GetLastError () returned 0xcb [0160.588] GetConsoleOutputCP () returned 0x1b5 [0160.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.589] GetLastError () returned 0xcb [0160.589] GetConsoleOutputCP () returned 0x1b5 [0160.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.589] GetLastError () returned 0xcb [0160.589] GetConsoleOutputCP () returned 0x1b5 [0160.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.589] GetLastError () returned 0xcb [0160.589] GetConsoleOutputCP () returned 0x1b5 [0160.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.589] GetLastError () returned 0xcb [0160.589] GetConsoleOutputCP () returned 0x1b5 [0160.589] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.589] GetLastError () returned 0xcb [0160.589] GetConsoleOutputCP () returned 0x1b5 [0160.590] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.590] GetLastError () returned 0xcb [0160.590] GetConsoleOutputCP () returned 0x1b5 [0160.590] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb70, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb70) returned 0 [0160.590] GetLastError () returned 0xcb [0160.595] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0160.595] GetLastError () returned 0xcb [0160.595] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.596] GetLastError () returned 0xcb [0160.596] GetConsoleOutputCP () returned 0x1b5 [0160.596] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.596] GetLastError () returned 0xcb [0160.647] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0160.647] GetLastError () returned 0xcb [0160.647] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x5ecebc0 | out: lpMode=0x5ecebc0) returned 0 [0160.647] GetLastError () returned 0x6 [0160.651] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0160.651] GetLastError () returned 0x6 [0160.651] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.652] GetLastError () returned 0x6 [0160.655] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0160.655] GetLastError () returned 0x6 [0160.655] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.658] GetLastError () returned 0x6 [0160.662] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.662] GetLastError () returned 0x6 [0160.662] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.662] GetLastError () returned 0x6 [0160.664] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0160.665] GetLastError () returned 0x6 [0160.668] CloseHandle (hObject=0x23) returned 1 [0160.668] GetLastError () returned 0x6 [0160.672] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.672] GetLastError () returned 0x6 [0160.672] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.672] GetLastError () returned 0x6 [0160.672] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0160.672] GetLastError () returned 0x6 [0160.673] CloseHandle (hObject=0x23) returned 1 [0160.673] GetLastError () returned 0x6 [0160.674] GetStdHandle (nStdHandle=0xfffffff5) returned 0x350 [0160.674] GetLastError () returned 0x6 [0160.674] GetConsoleMode (in: hConsoleHandle=0x350, lpMode=0x5eceb58 | out: lpMode=0x5eceb58) returned 0 [0160.674] GetLastError () returned 0x6 [0160.674] GetConsoleOutputCP () returned 0x1b5 [0160.678] GetFileType (hFile=0x350) returned 0x3 [0160.679] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x4f, lpOverlapped=0x0) returned 1 [0160.680] GetLastError () returned 0x0 [0160.684] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.685] GetLastError () returned 0x0 [0160.685] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.687] GetLastError () returned 0x0 [0160.687] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0160.687] GetLastError () returned 0x0 [0160.687] CloseHandle (hObject=0x23) returned 1 [0160.687] GetLastError () returned 0x0 [0160.691] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.691] GetLastError () returned 0x0 [0160.691] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.691] GetLastError () returned 0x0 [0160.691] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0160.692] GetLastError () returned 0x0 [0160.692] CloseHandle (hObject=0x23) returned 1 [0160.692] GetLastError () returned 0x0 [0160.692] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.695] GetLastError () returned 0x0 [0160.698] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.699] GetLastError () returned 0x0 [0160.699] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.699] GetLastError () returned 0x0 [0160.699] GetConsoleOutputCP () returned 0x1b5 [0160.699] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.699] GetLastError () returned 0x0 [0160.702] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0160.703] GetLastError () returned 0x0 [0160.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.703] GetLastError () returned 0x0 [0160.706] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0160.706] GetLastError () returned 0x0 [0160.706] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.707] GetLastError () returned 0x0 [0160.710] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.713] GetLastError () returned 0x0 [0160.713] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.714] GetLastError () returned 0x0 [0160.714] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0160.714] GetLastError () returned 0x0 [0160.714] CloseHandle (hObject=0x2f) returned 1 [0160.714] GetLastError () returned 0x0 [0160.718] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.718] GetLastError () returned 0x0 [0160.718] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.718] GetLastError () returned 0x0 [0160.718] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0160.718] GetLastError () returned 0x0 [0160.718] CloseHandle (hObject=0x2f) returned 1 [0160.719] GetLastError () returned 0x0 [0160.719] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x4f, lpOverlapped=0x0) returned 1 [0160.719] GetLastError () returned 0x0 [0160.722] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.724] GetLastError () returned 0x0 [0160.724] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.724] GetLastError () returned 0x0 [0160.724] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0160.725] GetLastError () returned 0x0 [0160.725] CloseHandle (hObject=0x2f) returned 1 [0160.725] GetLastError () returned 0x0 [0160.728] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.729] GetLastError () returned 0x0 [0160.729] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.729] GetLastError () returned 0x0 [0160.729] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0160.729] GetLastError () returned 0x0 [0160.729] CloseHandle (hObject=0x2f) returned 1 [0160.730] GetLastError () returned 0x0 [0160.730] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.730] GetLastError () returned 0x0 [0160.734] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.734] GetLastError () returned 0x0 [0160.734] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.734] GetLastError () returned 0x0 [0160.734] GetConsoleOutputCP () returned 0x1b5 [0160.734] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.734] GetLastError () returned 0x0 [0160.737] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0160.738] GetLastError () returned 0x0 [0160.738] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.738] GetLastError () returned 0x0 [0160.741] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0160.741] GetLastError () returned 0x0 [0160.742] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.742] GetLastError () returned 0x0 [0160.745] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.745] GetLastError () returned 0x0 [0160.745] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.745] GetLastError () returned 0x0 [0160.745] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0160.746] GetLastError () returned 0x0 [0160.746] CloseHandle (hObject=0x3b) returned 1 [0160.746] GetLastError () returned 0x0 [0160.749] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.749] GetLastError () returned 0x0 [0160.750] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.750] GetLastError () returned 0x0 [0160.750] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0160.750] GetLastError () returned 0x0 [0160.750] CloseHandle (hObject=0x3b) returned 1 [0160.750] GetLastError () returned 0x0 [0160.751] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x3e, lpOverlapped=0x0) returned 1 [0160.751] GetLastError () returned 0x0 [0160.754] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.754] GetLastError () returned 0x0 [0160.754] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.755] GetLastError () returned 0x0 [0160.755] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0160.755] GetLastError () returned 0x0 [0160.755] CloseHandle (hObject=0x3b) returned 1 [0160.755] GetLastError () returned 0x0 [0160.758] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.759] GetLastError () returned 0x0 [0160.759] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.759] GetLastError () returned 0x0 [0160.759] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0160.759] GetLastError () returned 0x0 [0160.759] CloseHandle (hObject=0x3b) returned 1 [0160.760] GetLastError () returned 0x0 [0160.760] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.760] GetLastError () returned 0x0 [0160.763] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.764] GetLastError () returned 0x0 [0160.764] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.764] GetLastError () returned 0x0 [0160.764] GetConsoleOutputCP () returned 0x1b5 [0160.764] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.764] GetLastError () returned 0x0 [0160.767] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0160.768] GetLastError () returned 0x0 [0160.768] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.768] GetLastError () returned 0x0 [0160.771] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0160.771] GetLastError () returned 0x0 [0160.771] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.771] GetLastError () returned 0x0 [0160.775] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.775] GetLastError () returned 0x0 [0160.775] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.775] GetLastError () returned 0x0 [0160.775] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0160.776] GetLastError () returned 0x0 [0160.776] CloseHandle (hObject=0x47) returned 1 [0160.776] GetLastError () returned 0x0 [0160.779] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.780] GetLastError () returned 0x0 [0160.780] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.780] GetLastError () returned 0x0 [0160.780] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0160.780] GetLastError () returned 0x0 [0160.780] CloseHandle (hObject=0x47) returned 1 [0160.781] GetLastError () returned 0x0 [0160.781] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x11, lpOverlapped=0x0) returned 1 [0160.781] GetLastError () returned 0x0 [0160.784] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.784] GetLastError () returned 0x0 [0160.785] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.785] GetLastError () returned 0x0 [0160.785] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0160.785] GetLastError () returned 0x0 [0160.785] CloseHandle (hObject=0x47) returned 1 [0160.786] GetLastError () returned 0x0 [0160.790] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.790] GetLastError () returned 0x0 [0160.790] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.790] GetLastError () returned 0x0 [0160.790] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0160.791] GetLastError () returned 0x0 [0160.791] CloseHandle (hObject=0x47) returned 1 [0160.791] GetLastError () returned 0x0 [0160.791] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.792] GetLastError () returned 0x0 [0160.795] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.795] GetLastError () returned 0x0 [0160.795] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.795] GetLastError () returned 0x0 [0160.795] GetConsoleOutputCP () returned 0x1b5 [0160.796] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.796] GetLastError () returned 0x0 [0160.799] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0160.799] GetLastError () returned 0x0 [0160.799] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.800] GetLastError () returned 0x0 [0160.803] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0160.803] GetLastError () returned 0x0 [0160.803] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.803] GetLastError () returned 0x0 [0160.807] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.807] GetLastError () returned 0x0 [0160.807] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.807] GetLastError () returned 0x0 [0160.807] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0160.808] GetLastError () returned 0x0 [0160.808] CloseHandle (hObject=0x53) returned 1 [0160.808] GetLastError () returned 0x0 [0160.812] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.812] GetLastError () returned 0x0 [0160.812] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.812] GetLastError () returned 0x0 [0160.812] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0160.813] GetLastError () returned 0x0 [0160.813] CloseHandle (hObject=0x53) returned 1 [0160.813] GetLastError () returned 0x0 [0160.813] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x21, lpOverlapped=0x0) returned 1 [0160.814] GetLastError () returned 0x0 [0160.817] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.818] GetLastError () returned 0x0 [0160.818] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.818] GetLastError () returned 0x0 [0160.818] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0160.818] GetLastError () returned 0x0 [0160.818] CloseHandle (hObject=0x53) returned 1 [0160.819] GetLastError () returned 0x0 [0160.822] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.823] GetLastError () returned 0x0 [0160.823] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.823] GetLastError () returned 0x0 [0160.823] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0160.823] GetLastError () returned 0x0 [0160.823] CloseHandle (hObject=0x53) returned 1 [0160.824] GetLastError () returned 0x0 [0160.824] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.824] GetLastError () returned 0x0 [0160.828] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.828] GetLastError () returned 0x0 [0160.828] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.828] GetLastError () returned 0x0 [0160.828] GetConsoleOutputCP () returned 0x1b5 [0160.829] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.829] GetLastError () returned 0x0 [0160.832] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0160.832] GetLastError () returned 0x0 [0160.832] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.832] GetLastError () returned 0x0 [0160.836] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0160.836] GetLastError () returned 0x0 [0160.836] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.836] GetLastError () returned 0x0 [0160.839] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.840] GetLastError () returned 0x0 [0160.840] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.840] GetLastError () returned 0x0 [0160.840] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0160.840] GetLastError () returned 0x0 [0160.840] CloseHandle (hObject=0x5f) returned 1 [0160.841] GetLastError () returned 0x0 [0160.844] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.844] GetLastError () returned 0x0 [0160.844] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.844] GetLastError () returned 0x0 [0160.844] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0160.845] GetLastError () returned 0x0 [0160.845] CloseHandle (hObject=0x5f) returned 1 [0160.845] GetLastError () returned 0x0 [0160.845] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x4f, lpOverlapped=0x0) returned 1 [0160.845] GetLastError () returned 0x0 [0160.849] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.849] GetLastError () returned 0x0 [0160.849] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.849] GetLastError () returned 0x0 [0160.849] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0160.850] GetLastError () returned 0x0 [0160.850] CloseHandle (hObject=0x5f) returned 1 [0160.850] GetLastError () returned 0x0 [0160.853] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.854] GetLastError () returned 0x0 [0160.854] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.855] GetLastError () returned 0x0 [0160.855] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0160.855] GetLastError () returned 0x0 [0160.855] CloseHandle (hObject=0x5f) returned 1 [0160.855] GetLastError () returned 0x0 [0160.856] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.856] GetLastError () returned 0x0 [0160.861] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.862] GetLastError () returned 0x0 [0160.862] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.862] GetLastError () returned 0x0 [0160.862] GetConsoleOutputCP () returned 0x1b5 [0160.862] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.862] GetLastError () returned 0x0 [0160.867] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0160.868] GetLastError () returned 0x0 [0160.868] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.868] GetLastError () returned 0x0 [0160.873] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0160.874] GetLastError () returned 0x0 [0160.874] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.874] GetLastError () returned 0x0 [0160.879] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.882] GetLastError () returned 0x0 [0160.882] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.883] GetLastError () returned 0x0 [0160.883] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0160.883] GetLastError () returned 0x0 [0160.883] CloseHandle (hObject=0x6b) returned 1 [0160.883] GetLastError () returned 0x0 [0160.889] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.889] GetLastError () returned 0x0 [0160.889] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.890] GetLastError () returned 0x0 [0160.890] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0160.890] GetLastError () returned 0x0 [0160.890] CloseHandle (hObject=0x6b) returned 1 [0160.890] GetLastError () returned 0x0 [0160.891] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x19, lpOverlapped=0x0) returned 1 [0160.891] GetLastError () returned 0x0 [0160.896] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.897] GetLastError () returned 0x0 [0160.897] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.897] GetLastError () returned 0x0 [0160.897] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0160.898] GetLastError () returned 0x0 [0160.898] CloseHandle (hObject=0x6b) returned 1 [0160.898] GetLastError () returned 0x0 [0160.903] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.903] GetLastError () returned 0x0 [0160.903] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.904] GetLastError () returned 0x0 [0160.904] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0160.904] GetLastError () returned 0x0 [0160.904] CloseHandle (hObject=0x6b) returned 1 [0160.905] GetLastError () returned 0x0 [0160.905] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.905] GetLastError () returned 0x0 [0160.910] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.911] GetLastError () returned 0x0 [0160.911] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.911] GetLastError () returned 0x0 [0160.911] GetConsoleOutputCP () returned 0x1b5 [0160.912] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.912] GetLastError () returned 0x0 [0160.917] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0160.919] GetLastError () returned 0x0 [0160.919] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.919] GetLastError () returned 0x0 [0160.924] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0160.925] GetLastError () returned 0x0 [0160.925] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.925] GetLastError () returned 0x0 [0160.930] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.930] GetLastError () returned 0x0 [0160.930] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.931] GetLastError () returned 0x0 [0160.931] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0160.931] GetLastError () returned 0x0 [0160.931] CloseHandle (hObject=0x77) returned 1 [0160.932] GetLastError () returned 0x0 [0160.937] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.937] GetLastError () returned 0x0 [0160.937] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.937] GetLastError () returned 0x0 [0160.937] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0160.938] GetLastError () returned 0x0 [0160.938] CloseHandle (hObject=0x77) returned 1 [0160.938] GetLastError () returned 0x0 [0160.938] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x36, lpOverlapped=0x0) returned 1 [0160.939] GetLastError () returned 0x0 [0160.944] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.944] GetLastError () returned 0x0 [0160.944] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.945] GetLastError () returned 0x0 [0160.945] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0160.945] GetLastError () returned 0x0 [0160.945] CloseHandle (hObject=0x77) returned 1 [0160.946] GetLastError () returned 0x0 [0160.950] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.951] GetLastError () returned 0x0 [0160.951] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.951] GetLastError () returned 0x0 [0160.951] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0160.952] GetLastError () returned 0x0 [0160.952] CloseHandle (hObject=0x77) returned 1 [0160.952] GetLastError () returned 0x0 [0160.952] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0160.953] GetLastError () returned 0x0 [0160.958] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.958] GetLastError () returned 0x0 [0160.958] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5eceb48 | out: lpConsoleScreenBufferInfo=0x5eceb48) returned 1 [0160.959] GetLastError () returned 0x0 [0160.959] GetConsoleOutputCP () returned 0x1b5 [0160.959] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5eceb50, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5eceb50) returned 0 [0160.959] GetLastError () returned 0x0 [0160.964] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0160.964] GetLastError () returned 0x0 [0160.964] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.965] GetLastError () returned 0x0 [0160.969] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0160.970] GetLastError () returned 0x0 [0160.970] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5eceae8 | out: lpConsoleScreenBufferInfo=0x5eceae8) returned 1 [0160.970] GetLastError () returned 0x0 [0160.975] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0160.976] GetLastError () returned 0x0 [0160.976] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.976] GetLastError () returned 0x0 [0160.976] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0160.976] GetLastError () returned 0x0 [0160.976] CloseHandle (hObject=0x83) returned 1 [0160.977] GetLastError () returned 0x0 [0160.982] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0160.984] GetLastError () returned 0x0 [0160.984] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eceaf0 | out: lpConsoleScreenBufferInfo=0x5eceaf0) returned 1 [0160.984] GetLastError () returned 0x0 [0160.984] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0160.985] GetLastError () returned 0x0 [0160.985] CloseHandle (hObject=0x83) returned 1 [0160.985] GetLastError () returned 0x0 [0160.986] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceaf4*=0x1, lpOverlapped=0x0) returned 1 [0160.986] GetLastError () returned 0x0 [0160.992] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0160.992] GetLastError () returned 0x0 [0160.993] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0160.993] GetLastError () returned 0x0 [0160.993] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0160.993] GetLastError () returned 0x0 [0160.993] CloseHandle (hObject=0x83) returned 1 [0160.994] GetLastError () returned 0x0 [0161.000] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.000] GetLastError () returned 0x0 [0161.000] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5eceaec | out: lpConsoleScreenBufferInfo=0x5eceaec) returned 1 [0161.001] GetLastError () returned 0x0 [0161.001] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0161.001] GetLastError () returned 0x0 [0161.001] CloseHandle (hObject=0x83) returned 1 [0161.002] GetLastError () returned 0x0 [0161.002] WriteFile (in: hFile=0x350, lpBuffer=0x2c99a38*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5eceb34, lpOverlapped=0x0 | out: lpBuffer=0x2c99a38*, lpNumberOfBytesWritten=0x5eceb34*=0x1, lpOverlapped=0x0) returned 1 [0161.003] GetLastError () returned 0x0 [0161.012] SetEvent (hEvent=0x39c) returned 1 [0161.012] GetLastError () returned 0x0 [0161.013] SetEvent (hEvent=0x3b4) returned 1 [0161.013] GetLastError () returned 0x0 [0161.013] SetEvent (hEvent=0x3b8) returned 1 [0161.013] GetLastError () returned 0x0 [0161.013] SetEvent (hEvent=0x3d8) returned 1 [0161.013] GetLastError () returned 0x0 [0161.013] SetEvent (hEvent=0x328) returned 1 [0161.013] GetLastError () returned 0x0 [0161.013] SetEvent (hEvent=0x3c0) returned 1 [0161.013] GetLastError () returned 0x0 [0161.013] SetEvent (hEvent=0x3c4) returned 1 [0161.013] GetLastError () returned 0x0 [0161.013] SetEvent (hEvent=0x324) returned 1 [0161.013] GetLastError () returned 0x0 [0161.014] SetEvent (hEvent=0x3c8) returned 1 [0161.014] GetLastError () returned 0x0 [0161.014] CoUninitialize () Thread: id = 285 os_tid = 0x218 [0161.059] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0161.085] SetThreadUILanguage (LangId=0x0) returned 0x409 [0161.086] VirtualQuery (in: lpAddress=0x5fbe420, lpBuffer=0x5fbf420, dwLength=0x1c | out: lpBuffer=0x5fbf420*(BaseAddress=0x5fbe000, AllocationBase=0x5630000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.086] VirtualQuery (in: lpAddress=0x5fbe53c, lpBuffer=0x5fbf53c, dwLength=0x1c | out: lpBuffer=0x5fbf53c*(BaseAddress=0x5fbe000, AllocationBase=0x5630000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.091] SetEvent (hEvent=0x394) returned 1 [0161.091] GetLastError () returned 0x0 [0161.091] SetEvent (hEvent=0x398) returned 1 [0161.091] GetLastError () returned 0x0 [0161.091] SetEvent (hEvent=0x3bc) returned 1 [0161.091] GetLastError () returned 0x0 [0161.091] SetEvent (hEvent=0x394) returned 1 [0161.091] GetLastError () returned 0x0 [0161.091] SetEvent (hEvent=0x398) returned 1 [0161.091] GetLastError () returned 0x0 [0161.091] SetEvent (hEvent=0x3ec) returned 1 [0161.091] GetLastError () returned 0x0 [0161.091] SetEvent (hEvent=0x3e0) returned 1 [0161.091] GetLastError () returned 0x0 [0161.091] SetEvent (hEvent=0x3e4) returned 1 [0161.091] GetLastError () returned 0x0 [0161.092] SetEvent (hEvent=0x3e8) returned 1 [0161.092] GetLastError () returned 0x0 [0161.092] SetEvent (hEvent=0x3f0) returned 1 [0161.092] GetLastError () returned 0x0 [0161.092] CoUninitialize () Process: id = "16" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x66aa9000" os_pid = "0x63c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "12" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e2f4" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 289 os_tid = 0x440 Thread: id = 290 os_tid = 0x684 Thread: id = 291 os_tid = 0x6d0 Thread: id = 292 os_tid = 0x594 Thread: id = 293 os_tid = 0x71c Thread: id = 294 os_tid = 0x710 Thread: id = 295 os_tid = 0x604